Updating the translation for the 1.16.0 release

18 files changed, 39722 insertions, 26830 deletions

diff --git a/src/man/po/br.po b/src/man/po/br.po
index 468eb93ed..96e149475 100644
--- a/src/man/po/br.po
+++ b/src/man/po/br.po
@@ -6,9 +6,9 @@
 # Fulup <fulup.jakez@gmail.com>, 2012
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
 "PO-Revision-Date: 2014-12-14 11:51-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/"
@@ -30,7 +30,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr "Dornlevr SSSD"
 
@@ -75,7 +76,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr "DESKRIVADUR"
 
@@ -90,8 +92,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "DIBARZHIOÙ"
 
@@ -135,7 +137,8 @@ msgstr "sssd.conf"
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
 msgstr "5"
 
@@ -143,7 +146,8 @@ msgstr "5"
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr ""
 
@@ -294,11 +298,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Dre ziouer : true"
 
@@ -315,17 +319,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
@@ -348,8 +354,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr ""
 
@@ -364,7 +370,7 @@ msgid "The [sssd] section"
 msgstr "Ar rann [sssd]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr "Arventennoù ar rann"
 
@@ -412,19 +418,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr "Dre ziouer : 3"
 
@@ -444,7 +450,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr "re_expression (neudennad)"
 
@@ -464,12 +470,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr "full_name_format (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -477,39 +483,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -633,11 +639,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr ""
@@ -673,10 +679,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:448
-#, fuzzy
-#| msgid "re_expression (string)"
 msgid "certificate_verification (string)"
-msgstr "re_expression (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:456
@@ -810,8 +814,24 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr ""
@@ -828,12 +848,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr "RANNOÙ SERVIJOÙ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -842,22 +862,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -867,17 +887,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -887,18 +907,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -906,24 +926,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -931,12 +951,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -948,58 +968,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr "Dre ziouer : 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1007,7 +1027,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1017,7 +1037,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1026,17 +1046,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1044,34 +1064,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr "Dre ziouer : 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Dre ziouer : 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (neudennad)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1080,7 +1100,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1089,41 +1109,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr "Dre zoiuer : root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1131,23 +1151,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1155,47 +1175,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1203,105 +1223,105 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1312,96 +1332,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1409,122 +1429,122 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr "Dre zoiuer : 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1532,7 +1552,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1541,17 +1561,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1559,26 +1579,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1588,74 +1608,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1663,19 +1683,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1683,12 +1703,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1696,60 +1716,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
-msgstr "full_name_format (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1760,34 +1778,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+msgid "sudo_threshold (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1795,68 +1828,68 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1867,7 +1900,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1878,24 +1911,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1903,12 +1936,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1917,29 +1950,150 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+msgid "Session recording configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+msgid "These options can be used to configure session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "scope (string)"
+msgstr "re_expression (neudennad)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: \"none\""
+msgstr "Dre ziouer : 3"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "users (string)"
+msgstr "re_expression (neudennad)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+msgid "Default: Empty. Matches no users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "groups (string)"
+msgstr "re_expression (neudennad)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr "RANNOÙ DOMANI"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -1948,14 +2102,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -1964,40 +2118,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
-msgstr "Dre ziouer : 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2006,46 +2158,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2057,14 +2209,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2073,39 +2225,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2114,19 +2266,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2137,151 +2289,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2289,24 +2441,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2315,17 +2467,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2334,33 +2486,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2368,8 +2520,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2378,8 +2530,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2387,19 +2539,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2408,7 +2560,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2416,22 +2568,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2443,7 +2595,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2451,19 +2603,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2471,7 +2623,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2479,30 +2631,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2510,19 +2662,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2531,7 +2683,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2539,29 +2691,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2569,7 +2721,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2577,35 +2729,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2613,32 +2765,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2649,12 +2801,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2662,7 +2814,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2670,31 +2822,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2702,7 +2854,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2711,23 +2863,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "session_provider (string)"
+msgstr "re_expression (neudennad)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2735,7 +2920,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2743,7 +2928,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2751,24 +2936,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2776,12 +2961,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2791,7 +2976,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2800,29 +2985,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2830,7 +3015,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2838,137 +3023,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
+msgid ""
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2643
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -2976,7 +3169,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -2984,17 +3177,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3002,34 +3195,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3037,32 +3230,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3072,34 +3265,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3107,12 +3300,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3120,7 +3313,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3128,29 +3321,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3158,12 +3351,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3172,12 +3365,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3185,19 +3378,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3214,7 +3407,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3222,21 +3415,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
-#, fuzzy
-#| msgid "Section parameters"
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
-msgstr "Arventennoù ar rann"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
-msgstr "full_name_format (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3245,18 +3434,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3276,12 +3464,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3289,73 +3477,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3363,17 +3551,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3382,17 +3570,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3400,17 +3588,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3418,88 +3606,85 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
-#, fuzzy
-#| msgid "DOMAIN SECTIONS"
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
-msgstr "RANNOÙ DOMANI"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3529,14 +3714,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -3577,7 +3781,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr ""
 
@@ -3597,7 +3801,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
 
@@ -3877,16 +4081,14 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:303
-#, fuzzy
-#| msgid "filter_users, filter_groups (string)"
 msgid "ldap_user_primary_group (string)"
-msgstr "filter_users, filter_groups (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:306
@@ -3957,7 +4159,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -3976,7 +4178,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -3986,14 +4188,14 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr ""
 
@@ -4388,8 +4590,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr ""
 
@@ -4476,134 +4678,165 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
+msgid "ldap_user_authorized_rhost (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:843
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+#, fuzzy
+#| msgid "Default: root"
+msgid "Default: rhost"
+msgstr "Dre zoiuer : root"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
 msgid "Name of the LDAP attribute containing the X509 certificate of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:868
+msgid "Default: userCertificate;binary"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
-msgstr "full_name_format (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
-msgstr "Dre ziouer : 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -4611,34 +4844,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4646,7 +4879,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -4656,7 +4889,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -4666,17 +4899,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -4684,14 +4917,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -4699,7 +4932,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4708,12 +4941,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -4721,168 +4954,168 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -4890,7 +5123,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -4898,12 +5131,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -4911,12 +5144,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4927,12 +5160,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -4941,12 +5174,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -4955,34 +5188,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4990,14 +5223,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -5005,17 +5238,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5025,12 +5258,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -5038,17 +5271,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5056,13 +5289,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -5071,7 +5304,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -5079,26 +5312,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5106,7 +5339,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5114,7 +5347,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -5122,41 +5355,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -5165,32 +5398,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5198,24 +5431,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5223,17 +5456,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -5244,29 +5477,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -5275,17 +5508,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -5293,49 +5526,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -5343,27 +5576,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5375,7 +5608,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5383,7 +5616,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -5391,39 +5624,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5433,7 +5666,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5441,26 +5674,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5468,7 +5701,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5476,31 +5709,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5509,56 +5742,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5574,12 +5807,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -5588,14 +5821,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -5604,24 +5837,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5629,19 +5862,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5650,7 +5883,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5658,7 +5891,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5667,7 +5900,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -5675,22 +5908,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5700,14 +5933,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5720,12 +5953,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5735,7 +5968,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5745,49 +5978,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -5796,74 +6043,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -5874,7 +6121,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -5882,24 +6129,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
-msgid "wildcart_limit (integer)"
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
+msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -5914,12 +6161,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5927,208 +6174,208 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -6136,101 +6383,101 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6239,111 +6486,111 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6352,56 +6599,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -6409,8 +6656,15 @@ msgid ""
 "\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6418,7 +6672,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6431,26 +6685,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6466,13 +6721,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6973,9 +7228,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -7059,7 +7314,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -7436,7 +7691,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -7456,8 +7711,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7551,7 +7806,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7569,8 +7824,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -7589,9 +7844,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7604,7 +7859,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7624,7 +7879,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7740,7 +7995,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -7748,10 +8003,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:590
-#, fuzzy
-#| msgid "DOMAIN SECTIONS"
 msgid "DOMAIN LIST"
-msgstr "RANNOÙ DOMANI"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:592
@@ -7862,16 +8115,17 @@ msgstr ""
 #: sssd-ipa.5.xml:113
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -7881,14 +8135,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -7896,12 +8150,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -7909,7 +8163,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -7917,17 +8171,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -7936,7 +8190,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -7944,24 +8198,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -7969,24 +8223,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
-msgstr "Dre ziouer : 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -7998,12 +8250,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -8011,234 +8263,278 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
+#: sssd-ipa.5.xml:311
+msgid "ipa_deskprofile_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
 msgstr ""
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:465
+msgid "ipa_deskprofile_refresh (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:468
 msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
 msgid "Default: 5 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:481
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: 60 (minutes)"
+msgstr "Dre ziouer : true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:498
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -8246,192 +8542,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -8441,19 +8737,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -8461,7 +8757,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -8473,7 +8769,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8481,7 +8777,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -8622,10 +8918,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:127
-#, fuzzy
-#| msgid "full_name_format (string)"
 msgid "ad_enabled_domains (string)"
-msgstr "full_name_format (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:130
@@ -9359,10 +9653,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:819
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: 30 days"
-msgstr "Dre ziouer : 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:825
@@ -9373,10 +9665,10 @@ msgstr ""
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -9480,8 +9772,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr ""
 
@@ -9804,12 +10096,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -9992,19 +10284,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_override.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:32
@@ -10243,10 +10527,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "COMMON OPTIONS"
-msgstr "DIBARZHIOÙ"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:263 sssctl.8.xml:52
@@ -10255,14 +10537,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:268 sssctl.8.xml:57
-#, fuzzy
-#| msgid ""
-#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-#| "replaceable>"
 msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
 msgstr ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_useradd.8.xml:10 sss_useradd.8.xml:15
@@ -11454,16 +11730,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:186
-#, fuzzy
-#| msgid ""
-#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-#| "replaceable>"
 msgid ""
 "<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
 "replaceable>"
 msgstr ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:191
@@ -11472,14 +11742,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:197
-#, fuzzy
-#| msgid ""
-#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-#| "replaceable>"
 msgid "<option>-R</option>,<option>--sudo-rules</option>"
 msgstr ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:201
@@ -11507,7 +11771,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -11521,14 +11785,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
@@ -11925,7 +12184,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr "GWELET IVEZ"
 
@@ -12098,7 +12357,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -12110,10 +12369,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "IDMAP OPTIONS"
-msgstr "DIBARZHIOÙ"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: idmap_sss.8.xml:33
@@ -12127,11 +12384,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-msgid "EXAMPLES"
-msgstr ""
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
@@ -12163,19 +12415,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sssctl.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssctl.8.xml:32
@@ -12305,20 +12549,53 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -12328,7 +12605,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -12343,7 +12620,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -12352,20 +12629,27 @@ msgid ""
 "there are some secrets-specific options as well."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
-#, fuzzy
-#| msgid "re_expression (string)"
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
-msgstr "re_expression (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -12373,153 +12657,190 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
-msgstr "Dre ziouer : 3"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
-msgstr "Dre ziouer : 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
+#: sssd-secrets.5.xml:204
 msgid "max_secrets (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-#, fuzzy
-#| msgid "Default: 120"
-msgid "Default: 1024"
-msgstr "Dre ziouer : 120"
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:216
+msgid "max_uid_secrets (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-#, fuzzy
-#| msgid "Default: 15"
-msgid "Default: 16"
-msgstr "Dre ziouer : 15"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
-#, fuzzy
-#| msgid "re_expression (string)"
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
-msgstr "re_expression (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
-#, fuzzy
-#| msgid "re_expression (string)"
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
-msgstr "re_expression (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -12527,14 +12848,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
-msgstr "full_name_format (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -12542,85 +12861,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
-msgstr "full_name_format (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
-msgstr "full_name_format (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -12628,14 +12943,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
-msgstr "full_name_format (neudennad)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -12643,22 +12956,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -12673,19 +12986,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12695,19 +13008,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12717,7 +13030,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12727,19 +13040,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -12748,14 +13061,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12766,7 +13079,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12777,7 +13090,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -12786,12 +13099,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -12799,7 +13112,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12809,14 +13122,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -12824,26 +13137,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12853,19 +13166,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -12873,7 +13186,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -12903,7 +13216,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -12913,14 +13226,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -12931,7 +13244,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -12946,6 +13259,71 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+msgid "Configuring session recording with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+msgid "These options can be used to configure the session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
 msgid "sssd-kcm"
 msgstr ""
@@ -13062,7 +13440,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -13079,12 +13456,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -13095,7 +13481,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -13108,7 +13494,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -13118,28 +13504,408 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+msgid "sssd-systemtap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+msgid "probe $name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, no-wrap
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -13289,6 +14055,67 @@ msgid ""
 "offline mode, and then attempts to reconnect every 30 seconds."
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+msgid "dns_resolver_op_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+msgid "dns_resolver_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -13868,34 +14695,37 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
 
 #. type: Content of: <listitem><para>
@@ -14186,42 +15016,37 @@ msgstr ""
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr ""
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
diff --git a/src/man/po/ca.po b/src/man/po/ca.po
index 65c55888d..c3bac849e 100644
--- a/src/man/po/ca.po
+++ b/src/man/po/ca.po
@@ -12,9 +12,9 @@
 # Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>, 2015. #zanata
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
 "PO-Revision-Date: 2015-10-18 04:13-0400\n"
 "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n"
 "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/"
@@ -36,7 +36,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr "Pàgines del manual de l'SSSD"
 
@@ -80,7 +81,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr "DESCRIPCIÓ"
 
@@ -97,8 +99,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "OPCIONS"
 
@@ -149,7 +151,8 @@ msgstr "sssd.conf"
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
 msgstr "5"
 
@@ -157,7 +160,8 @@ msgstr "5"
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr "Formats i convencions dels fitxers"
 
@@ -303,10 +307,8 @@ msgstr "debug_level (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:112
-#, fuzzy
-#| msgid "debug_level (integer)"
 msgid "debug (integer)"
-msgstr "debug_level (enter)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:115
@@ -333,11 +335,11 @@ msgstr ""
 "opció."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Per defecte: true"
 
@@ -357,17 +359,19 @@ msgstr ""
 "aleshores s'ignora aquesta opció."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr "Per defecte: false"
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
 
@@ -383,21 +387,15 @@ msgstr "timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:162
-#, fuzzy
-#| msgid ""
-#| "Timeout in seconds between heartbeats for this service. This is used to "
-#| "ensure that the process is alive and capable of answering requests."
 msgid ""
 "Timeout in seconds between heartbeats for this service. This is used to "
 "ensure that the process is alive and capable of answering requests. Note "
 "that after three missed heartbeats the process will terminate itself."
 msgstr ""
-"El temps d'expiració entre els batecs per aquest servei. S'utilitza per "
-"assegurar que el procés età viu i és capaç de respondre a les peticions."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "Per defecte: 10"
 
@@ -412,7 +410,7 @@ msgid "The [sssd] section"
 msgstr "La secció [sssd]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr "Paràmetres de la secció"
 
@@ -466,12 +464,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr "reconnection_retries (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
@@ -481,7 +479,7 @@ msgstr ""
 "vençuts"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr "Per defecte: 3"
 
@@ -492,13 +490,6 @@ msgstr "domains"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:247
-#, fuzzy
-#| msgid ""
-#| "A domain is a database containing user information. SSSD can use more "
-#| "domains at the same time, but at least one must be configured or SSSD "
-#| "won't start.  This parameter described the list of domains in the order "
-#| "you want them to be queried.  A domain name should only consist of "
-#| "alphanumeric ASCII characters, dashes, dots and underscores."
 msgid ""
 "A domain is a database containing user information. SSSD can use more "
 "domains at the same time, but at least one must be configured or SSSD won't "
@@ -506,15 +497,9 @@ msgid ""
 "them to be queried.  A domain name should only consist of alphanumeric ASCII "
 "characters, dashes, dots and underscores."
 msgstr ""
-"Un domini és una base de dades que conté la informació de l'usuari. L'SSSD "
-"pot utilitzar més d'un domini al mateix temps, però com a mínim se n'ha de "
-"configurar un o no s'iniciarà l'SSSD. En aquest paràmetre es descriuen la "
-"llista dels dominis en l'ordre que vulgueu que es consultin. Un nom de "
-"domini tan sols pot consistir de caràcters alfanumèrics ASCII, guions, punts "
-"i guions baixos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr "re_expression (cadena)"
 
@@ -529,28 +514,19 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:267
-#, fuzzy
-#| msgid ""
-#| "Each domain can have an individual regular expression configured. For "
-#| "some ID providers there are also default regular expressions.  See DOMAIN "
-#| "SECTIONS for more info on these regular expressions."
 msgid ""
 "Each domain can have an individual regular expression configured. For some "
 "ID providers there are also default regular expressions. See DOMAIN SECTIONS "
 "for more info on these regular expressions."
 msgstr ""
-"Cadascun dels dominis pot tenir una expressió regular configurada de forma "
-"individual. Per alguns proveïdors d'id. també hi ha expressions regulars per "
-"defecte. Vegeu les SECCIONS DELS DOMINIS per a més informació sobre aquestes "
-"expressions regulars."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr "full_name_format (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -561,40 +537,40 @@ msgstr ""
 "compondre un FQN des dels components del nom d'usuari i del nom del domini."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr "nom d'usuari"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 "el nom del domini tal com s'especifica al fitxer de configuració de l'SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -752,11 +728,11 @@ msgstr ""
 "d'aquesta opció juntament amb use_fully_qualified_names establert a False."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr "Per defecte: sense establir"
@@ -792,10 +768,8 @@ msgstr "Per defecte: sense establir (no se substituiran els espais)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:448
-#, fuzzy
-#| msgid "ldap_user_certificate (string)"
 msgid "certificate_verification (string)"
-msgstr "ldap_user_certificate (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:456
@@ -856,12 +830,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:497
-#, fuzzy
-#| msgid "These options can be used to configure the InfoPipe responder."
 msgid "This option must be used together with ocsp_default_responder."
 msgstr ""
-"Es poden utilitzar aquestes opcions per configurar el contestador de "
-"l'InfoPipe."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:451
@@ -878,18 +848,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:507
-#, fuzzy
-#| msgid "Default: not set, i.e. service discovery is disabled"
 msgid "Default: not set, i.e. do not restrict certificate verification"
 msgstr ""
-"Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:513
-#, fuzzy
-#| msgid "ldap_disable_paging (boolean)"
 msgid "disable_netlink (boolean)"
-msgstr "ldap_disable_paging (booleà)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:516
@@ -907,17 +872,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:526
-#, fuzzy
-#| msgid "Default: False (disabled)"
 msgid "Default: false (netlink changes are detected)"
-msgstr "Per defecte: False (inhabilitat)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:531
-#, fuzzy
-#| msgid "ad_enable_dns_sites (boolean)"
 msgid "enable_files_domain (boolean)"
-msgstr "ad_enable_dns_sites (booleà)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:534
@@ -942,8 +903,24 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr "Per defecte: Sense establir"
@@ -966,12 +943,12 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr "SECCIONS DELS SERVEIS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -984,22 +961,22 @@ msgstr ""
 "quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr "Opcions de configuració del servei general"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr "Es poden utilitzar aquestes opcions per configurar qualsevol servei."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -1009,17 +986,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1029,18 +1006,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr "Per defecte: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -1048,24 +1025,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr "offline_timeout + random_offset"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr "new_interval = old_interval*2 + random_offset"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -1073,14 +1050,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
-#, fuzzy
-#| msgid "client_idle_timeout"
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
-msgstr "client_idle_timeout"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1092,30 +1067,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr "Per defecte: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr "Opcions de configuració de l'NSS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1123,12 +1098,12 @@ msgstr ""
 "Service Switch)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1137,17 +1112,17 @@ msgstr ""
 "(peticions d'informació sobre tots els usuaris)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr "Per defecte: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1158,7 +1133,7 @@ msgstr ""
 "valor entry_cache_timeout per al domini."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1174,7 +1149,7 @@ msgstr ""
 "peticions que esperen per a una actualització de la memòria cau."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1187,17 +1162,17 @@ msgstr ""
 "(0 desactiva aquesta característica)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr "Per defecte: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1209,45 +1184,34 @@ msgstr ""
 "altra vegada."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr "Per defecte: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
-#, fuzzy
-#| msgid "autofs_negative_timeout (integer)"
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
-msgstr "autofs_negative_timeout (enter)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
-#, fuzzy
-#| msgid ""
-#| "Specifies for how many seconds nss_sss should cache negative cache hits "
-#| "(that is, queries for invalid database entries, like nonexistent ones)  "
-#| "before asking the back end again."
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
-"Especifica quants segons nss_sss hauria d'emmagatzemar els intents de la "
-"memòria cau negatius (és a dir, consultes per a les entrades incorrectes de "
-"la base de dades, com les inexistents) abans de preguntar al rerefons una "
-"altra vegada."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Per defecte: 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1256,7 +1220,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1265,17 +1229,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr "Per defecte: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1283,12 +1247,12 @@ msgstr ""
 "aquesta opció a false."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1297,7 +1261,7 @@ msgstr ""
 "si no se n'especifica cap explícitament amb el proveïdor de dades del domini."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1305,7 +1269,7 @@ msgstr ""
 "override_homedir."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1315,25 +1279,25 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "exemple: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 "Per defecte: sense establir (cap substitució per als directoris inicials no "
 "establerts)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr "override_shell (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1344,18 +1308,18 @@ msgstr ""
 "pot configurar ja sigui en la secció [nss] o per cada domini."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 "Per defecte: sense establir (SSSD utilitzarà el valor recuperat del LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1363,31 +1327,31 @@ msgstr ""
 "d'avaluació és:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr "1. Si el shell està present al <quote>/etc/shells</quote>, s'utilitza."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1395,111 +1359,105 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr "Per defecte: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr "memcache_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
-#, fuzzy
-#| msgid ""
-#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
-#| "applications will not use the fast in memory cache."
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
-"Si la variable d'entorn SSS_NSS_USE_MEMCACHE està establerta a \"NO\", les "
-"aplicacions clients no utilitzaran el fast en la memòria cau."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr "user_attributes (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1510,50 +1468,48 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
-msgstr "skel_dir (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr "Opcions de configuració del PAM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -1562,12 +1518,12 @@ msgstr ""
 "(Pluggable Authentication Module)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -1577,17 +1533,17 @@ msgstr ""
 "de sessió)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr "Per defecte: 0 (sense límit)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -1596,12 +1552,12 @@ msgstr ""
 "fallits es permet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -1611,7 +1567,7 @@ msgstr ""
 "possible."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1619,17 +1575,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr "Per defecte: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -1638,114 +1594,106 @@ msgstr ""
 "l'autenticació. Com més gran sigui el nombre més missatges es mostren."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr "L'sssd actualment admet els següents valors:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: no mostris cap missatge"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: Mostra només missatges importants"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: Mostra missatges informatius"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis>: Mostra tots els missatges i informació de depuració"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Per defecte: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
-#, fuzzy
-#| msgid "pam_verbosity (integer)"
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
-msgstr "pam_verbosity (enter)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
-"S'admeten les següents ampliacions: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1757,7 +1705,7 @@ msgstr ""
 "l'última informació."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1771,17 +1719,17 @@ msgstr ""
 "excessives al proveïdor d'identitat."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1789,31 +1737,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr "pam_trusted_users (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
-#, fuzzy
-#| msgid ""
-#| "Specifies the comma-separated list of UID values or user names that are "
-#| "allowed to access the InfoPipe responder. User names are resolved to UIDs "
-#| "at startup."
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1821,79 +1764,76 @@ msgid ""
 "<quote>pam_public_domains</quote>.  User names are resolved to UIDs at "
 "startup."
 msgstr ""
-"Especifica una llista separada per comes dels valors dels UID o dels noms "
-"d'usuaris que estan assignats per accedir al contestador de l'InfoPipe. Els "
-"noms d'usuaris es resolen als UID en la preparació."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr "pam_public_domains (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr "Per defecte: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr "pam_account_expired_message (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1901,21 +1841,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
-#, fuzzy
-#| msgid "pam_account_expired_message (string)"
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
-msgstr "pam_account_expired_message (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1923,14 +1861,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
-#, fuzzy
-#| msgid "enumerate (bool)"
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
-msgstr "enumerate (booleà)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1938,64 +1874,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr "Per defecte: False"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
-#, fuzzy
-#| msgid "krb5_confd_path (string)"
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
-msgstr "krb5_confd_path (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
-msgstr "pam_id_timeout (enter)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
-#, fuzzy
-#| msgid "ad_gpo_map_service (string)"
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
-msgstr "ad_gpo_map_service (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr "Opcions de configuració de SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2013,35 +1943,52 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+#, fuzzy
+#| msgid "ldap_deref_threshold (integer)"
+msgid "sudo_threshold (integer)"
+msgstr "ldap_deref_threshold (enter)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 "Es poden utilitzar aquestes opcions per configurar el servei de l'autofs."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2049,72 +1996,68 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr "Es poden utilitzar aquestes opcions per configurar el servei de l'SSH."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr "Per defecte: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
-#, fuzzy
-#| msgid "mail_dir (string)"
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
-msgstr "mail_dir (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
-#, fuzzy
-#| msgid "Default: /etc/krb5.keytab"
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
-msgstr "Per defecte: /etc/krb5.keytab"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr "Opcions de configuració del contestador del PAC."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2125,7 +2068,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2136,25 +2079,25 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 "Es poden utilitzar aquestes opcions per configurar el contestador del PAC."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2162,12 +2105,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2176,33 +2119,186 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
-msgstr "pam_id_timeout (enter)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+#, fuzzy
+#| msgid "PAC responder configuration options"
+msgid "Session recording configuration options"
+msgstr "Opcions de configuració del contestador del PAC."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of the IPA provider for "
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
+#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page."
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+"En aquesta pàgina del manual es descriu la configuració del proveïdor IPA "
+"per a <citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry>.  Per una referència detallada sintaxi, aneu a la "
+"secció de <quote>FORMAT DE FITXER</quote> de la pàgina del manual "
+"<citerefentry>d'<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure session recording."
+msgstr "Es poden utilitzar aquestes opcions per configurar qualsevol servei."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+#, fuzzy
+#| msgid "user (string)"
+msgid "scope (string)"
+msgstr "user (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+#, fuzzy
+#| msgid "none"
+msgid "\"none\""
+msgstr "none"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+#, fuzzy
+#| msgid ""
+#| "Append this user to groups specified by the <replaceable>GROUPS</"
+#| "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter "
+#| "is a comma separated list of group names."
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+"Annexa aquest usuari als grups que s'especifiquen amb el paràmetre dels "
+"<replaceable>GRUPS</replaceable>. El paràmetre dels <replaceable>GRUPS</"
+"replaceable> és una llista delimitada per comes dels noms dels grups."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+#, fuzzy
+#| msgid ""
+#| "The following expansions are supported: <placeholder type=\"variablelist"
+#| "\" id=\"0\"/>"
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+"S'admeten les següents ampliacions: <placeholder type=\"variablelist\" id="
+"\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+#, fuzzy
+#| msgid "Default: none"
+msgid "Default: \"none\""
+msgstr "Per defecte: none"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+#, fuzzy
+#| msgid "user (string)"
+msgid "users (string)"
+msgstr "user (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+#, fuzzy
+#| msgid "Default: empty, i.e. ldap_uri is used."
+msgid "Default: Empty. Matches no users."
+msgstr "Per defecte: buit, és a dir, s'utilitza ldap_uri."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+#, fuzzy
+#| msgid "user (string)"
+msgid "groups (string)"
+msgstr "user (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr "SECCIONS DE DOMINI"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
-#, fuzzy
-#| msgid "ad_domain (string)"
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
-msgstr "ad_domain (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2211,59 +2307,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
-#, fuzzy
-#| msgid ""
-#| "<quote>simple</quote> access control based on access or deny lists. See "
-#| "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-#| "manvolnum></citerefentry> for more information on configuring the simple "
-#| "access module."
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
 "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>) and the PAM responder."
 msgstr ""
-"<quote>simple</quote> control d'accés basat en llistes d'acceptació o "
-"denegació. Vegeu <citerefentry><refentrytitle>sssd-simple</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> per a més informació sobre la "
-"configuració del mòdul d'accés simple."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
-#, fuzzy
-#| msgid "Default: posixGroup"
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
-msgstr "Per defecte: posixGroup"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr "min_id, max_id (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -2272,7 +2356,7 @@ msgstr ""
 "fora d'aquests límits, s'ignora."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2285,24 +2369,24 @@ msgstr ""
 "com s'esperava."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Per defecte: 1 per a min_id, 0 (sense límit) per a max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr "enumerate (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
@@ -2311,22 +2395,22 @@ msgstr ""
 "valors següents:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = Els usuaris i grups s'enumeren"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = Cap enumeració per a aquest domini"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr "Per defecte: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2338,7 +2422,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -2348,7 +2432,7 @@ msgstr ""
 "finalitzi."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2362,39 +2446,39 @@ msgstr ""
 "ús."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr "subdomain_enumerate (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr "all"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr "none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2403,12 +2487,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -2417,7 +2501,7 @@ msgstr ""
 "demanar al rerefons una altra vegada"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2428,153 +2512,153 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr "Per defecte: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr "Per defecte: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr "entry_cache_ssh_host_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr "Per defecte: 0 (inhabilitat)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 "Determina si les credencials d'usuari també són emmagatzemades en la memòria "
 "cau local de LDB"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2582,24 +2666,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr "Per defecte: 8"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2612,17 +2696,17 @@ msgstr ""
 "ha de ser superior o igual que offline_credentials_expiration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr "Per defecte: 0 (sense límit)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2631,33 +2715,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "Per defecte: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr "id_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2665,8 +2749,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2675,8 +2759,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2684,19 +2768,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2709,7 +2793,7 @@ msgstr ""
 "l'usuari mentre que <command>getent passwd test@LOCAL</command> sí."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2717,22 +2801,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2744,7 +2828,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2752,12 +2836,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr "auth_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -2766,7 +2850,7 @@ msgstr ""
 "d'autenticació suportats són:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2777,7 +2861,7 @@ msgstr ""
 "manvolnum></citerefentry> per a més informació sobre configuració d'LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2788,7 +2872,7 @@ msgstr ""
 "manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
@@ -2796,12 +2880,12 @@ msgstr ""
 "de PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> impossibilita l'autenticació explícitament."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -2810,12 +2894,12 @@ msgstr ""
 "gestionar les sol·licituds d'autenticació."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr "access_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2826,19 +2910,19 @@ msgstr ""
 "instal·lats) Els proveïdors especials interns són:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> sempre denega l'accés."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2851,44 +2935,30 @@ msgstr ""
 "configuració del mòdul d'accés simple."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
-#, fuzzy
-#| msgid ""
-#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> for more information on configuring Kerberos."
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
 "citerefentry> for more information on configuring Kerberos."
 msgstr ""
-"<quote>krb5</quote> per a l'autenticació Kerberos. Vegeu "
-"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
-#, fuzzy
-#| msgid ""
-#| "<quote>proxy</quote> for relaying password changes to some other PAM "
-#| "target."
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
-"<quote>proxy</quote> per al canvi de contrasenya reenviat a algun altre "
-"objectiu PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr "Per defecte: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -2897,24 +2967,15 @@ msgstr ""
 "al domini.  Els proveïdors de canvi de contrasenya compatibles són:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
-#, fuzzy
-#| msgid ""
-#| "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring LDAP."
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> for more information on configuring LDAP."
 msgstr ""
-"<quote>ldap</quote> per canviar una contrasenya emmagatzemada en un servidor "
-"LDAP.  Vegeu <citerefentry><refentrytitle>sssd-ldap</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> per a més informació sobre "
-"configuració d'LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2925,7 +2986,7 @@ msgstr ""
 "manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
@@ -2933,12 +2994,12 @@ msgstr ""
 "objectiu PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr "<quote>none</quote> rebutja els canvis de contrasenya explícitament."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -2947,17 +3008,17 @@ msgstr ""
 "gestionar peticions de canvi de contrasenya."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2965,32 +3026,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3001,12 +3062,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3014,7 +3075,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3022,31 +3083,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3054,7 +3115,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3063,23 +3124,62 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+#, fuzzy
+#| msgid "selinux_provider (string)"
+msgid "session_provider (string)"
+msgstr "selinux_provider (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+#, fuzzy
+#| msgid ""
+#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
+#| "authentication requests."
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+"Per defecte: <quote>id_provider</quote> s'utilitza si s'ha establert i pot "
+"gestionar les sol·licituds d'autenticació."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3087,7 +3187,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3095,41 +3195,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
-#, fuzzy
-#| msgid ""
-#| "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring LDAP."
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> for more information on configuring the AD provider."
 msgstr ""
-"<quote>ldap</quote> per canviar una contrasenya emmagatzemada en un servidor "
-"LDAP.  Vegeu <citerefentry><refentrytitle>sssd-ldap</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> per a més informació sobre "
-"configuració d'LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3137,12 +3228,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3152,7 +3243,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3161,29 +3252,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3194,7 +3285,7 @@ msgstr ""
 "quote> , el domini és tot el que hi ha després\""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3202,7 +3293,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
@@ -3211,17 +3302,17 @@ msgstr ""
 "sintaxi Python (?P &lt;name&gt;) a l'etiqueta subpatterns."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Per defecte: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -3230,64 +3321,77 @@ msgstr ""
 "realitzar cerques de DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr "Valors admesos:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr "ipv4_first: Intenta resoldre l'adreça IPv4, si falla, intenta IPv6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr "ipv4_only: Intenta resoldre només noms màquina a adreces IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr "ipv6_first: Intenta resoldre l'adreça IPv6, si falla, intenta IPv4"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr "ipv6_only: Intenta resoldre només noms màquina a adreces IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr "Per defecte: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
+#, fuzzy
+#| msgid ""
+#| "Defines the amount of time (in seconds) to wait for a reply from the DNS "
+#| "resolver before assuming that it is unreachable. If this timeout is "
+#| "reached, the domain will continue to operate in offline mode."
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
 msgstr ""
 "Defineix la quantitat de temps (en segons) per esperar per una resposta de "
 "la resolució de DNS abans d'assumir que és inaccessible. Si s'arriba a "
 "aquest temps d'espera, el domini seguirà operant en el mode fora de línia."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2643
+msgid ""
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "Per defecte: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -3296,52 +3400,52 @@ msgstr ""
 "del domini de la consulta DNS del servei de descobriment."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr "Per defecte: Utilitza la part del domini del nom de màquina"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr "override_gid (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr "case_sensitive (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr "True"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr "False"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3349,7 +3453,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3357,17 +3461,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr "subdomain_inherit (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3375,34 +3479,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr "ignore_group_members"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3412,32 +3516,32 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Exemple: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3447,36 +3551,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "Per defecte: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
-#, fuzzy
-#| msgid "memcache_timeout (int)"
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
-msgstr "memcache_timeout (enter)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3484,12 +3586,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3497,7 +3599,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3508,17 +3610,17 @@ msgstr ""
 "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr "El servidor intermediari on reenvia PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
@@ -3527,12 +3629,12 @@ msgstr ""
 "de pam existent o crear-ne una de nova i afegir aquí el nom del servei."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3543,12 +3645,12 @@ msgstr ""
 "format _nss_$(libName)_$(function), per exemple _nss_files_getpwent."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3557,14 +3659,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
-#, fuzzy
-#| msgid "min_id,max_id (integer)"
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
-msgstr "min_id, max_id (enter)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3572,7 +3672,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
@@ -3581,12 +3681,12 @@ msgstr ""
 "\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3603,7 +3703,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3611,21 +3711,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
-#, fuzzy
-#| msgid "Section parameters"
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
-msgstr "Paràmetres de la secció"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
-#, fuzzy
-#| msgid "subdomain_inherit (string)"
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
-msgstr "subdomain_inherit (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3634,18 +3730,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3665,12 +3760,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr "La secció del domini local"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3681,29 +3776,29 @@ msgstr ""
 "<replaceable>id_provider = local</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr "default_shell (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 "El shell predeterminat per als usuaris que es creen amb eines de l'espai "
 "d'usuari de l'SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Per defecte: <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr "base_directory (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
@@ -3712,46 +3807,46 @@ msgstr ""
 "replaceable> i utilitzen aquest com el directori inicial."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr "Per defecte: <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr "create_homedir (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr "Per defecte: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3762,17 +3857,17 @@ msgstr ""
 "defecte en un directori inicial acabat de crear."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr "Per defecte: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr "skel_dir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3785,17 +3880,17 @@ msgstr ""
 "manvolnum></citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Per defecte: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr "mail_dir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3806,17 +3901,17 @@ msgstr ""
 "suprimit.  Si no s'especifica, s'utilitzarà un valor per defecte."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Per defecte: <filename>/var/correu</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3827,102 +3922,85 @@ msgstr ""
 "té en compte."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr "Per defecte: Cap, no s'executa cap comanda"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
-#, fuzzy
-#| msgid "DOMAIN SECTIONS"
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
-msgstr "SECCIONS DE DOMINI"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
-#, fuzzy
-#| msgid "ldap_search_base (string)"
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
-msgstr "ldap_search_base (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
-#, fuzzy
-#| msgid "ldap_user_search_base (string)"
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
-msgstr "ldap_user_search_base (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
-#, fuzzy
-#| msgid "ldap_group_search_base (string)"
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
-msgstr "ldap_group_search_base (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
-#, fuzzy
-#| msgid "ldap_netgroup_search_base (string)"
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
-msgstr "ldap_netgroup_search_base (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
-#, fuzzy
-#| msgid "ldap_service_search_base (string)"
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
-msgstr "ldap_service_search_base (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
-#, fuzzy
-#| msgid "ad_server, ad_backup_server (string)"
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
-msgstr "ad_server, ad_backup_server (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
-#, fuzzy
-#| msgid "use_fully_qualified_names (bool)"
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
-msgstr "use_fully_qualified_names (booleà)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
-msgstr "EXEMPLE"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3976,9 +4054,15 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
+#, fuzzy
+#| msgid ""
+#| "The following example shows a typical SSSD config. It does not describe "
+#| "configuration of the domains themselves - refer to documentation on "
+#| "configuring domains for more details.  <placeholder type=\"programlisting"
+#| "\" id=\"0\"/>"
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
@@ -3988,6 +4072,25 @@ msgstr ""
 "documentació sobre la configuració dels dominis per a més detalls. "
 "<placeholder type=\"programlisting\" id=\"0\"/>"
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -4041,7 +4144,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr "OPCIONS DE CONFIGURACIÓ"
 
@@ -4061,7 +4164,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
 
@@ -4351,16 +4454,14 @@ msgstr ""
 "L'atribut LDAP que correspon a l'identificador del grup primari de l'usuari."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr "Per defecte: gidNumber"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:303
-#, fuzzy
-#| msgid "ldap_user_principal (string)"
 msgid "ldap_user_primary_group (string)"
-msgstr "ldap_user_principal (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:306
@@ -4431,7 +4532,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -4450,7 +4551,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -4460,7 +4561,7 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr "ldap_user_modify_timestamp (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
@@ -4469,7 +4570,7 @@ msgstr ""
 "pare."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr "Per defecte: modifyTimestamp"
 
@@ -4903,8 +5004,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr "L'atribut LDAP que correspon al nom complet de l'usuari."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr "Per defecte: cn"
 
@@ -4996,136 +5097,183 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
-msgstr "ldap_user_certificate (cadena)"
+#, fuzzy
+#| msgid "ldap_user_authorized_host (string)"
+msgid "ldap_user_authorized_rhost (string)"
+msgstr "ldap_user_authorized_host (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
-msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+#, fuzzy
+#| msgid ""
+#| "If access_provider=ldap and ldap_access_order=authorized_service, SSSD "
+#| "will use the presence of the authorizedService attribute in the user's "
+#| "LDAP entry to determine access privilege."
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+"Si access_provider=ldap i ldap_access_order=authorized_service, l'SSSD farà "
+"servir la presència de l'atribut authorizedService a l'entrada LDAP de "
+"l'usuari per determinar els privilegis d'accés."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:843
+#, fuzzy
+#| msgid ""
+#| "An explicit deny (!svc) is resolved first. Second, SSSD searches for "
+#| "explicit allow (svc) and finally for allow_all (*)."
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
 msgstr ""
+"Una denegació explícita (!svc) es resol en primer lloc. En segon lloc, "
+"l'SSSD cerca autoritzacions explícites (svc) i, finalment, allow_all (*)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+#, fuzzy
+#| msgid "Default: root"
+msgid "Default: rhost"
+msgstr "Per defecte: root"
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr "ldap_user_certificate (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:868
 #, fuzzy
-#| msgid "ldap_user_shell (string)"
+#| msgid "Default: nsContainer"
+msgid "Default: userCertificate;binary"
+msgstr "Per defecte: nsContainer"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
-msgstr "ldap_user_shell (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
-#, fuzzy
-#| msgid "The LDAP attribute that contains the names of the group's members."
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
-msgstr "L'atribut LDAP que conté els noms dels membres del grup."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-#, fuzzy
-#| msgid "Default: false"
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
-msgstr "Per defecte: false"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr "ldap_group_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr "La classe d'objecte d'una entrada de grup a LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr "Per defecte: posixGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr "ldap_group_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr "L'atribut LDAP que es correspon amb el nom del grup."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr "ldap_group_gid_number (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr "L'atribut LDAP que correspon a l'identificador del grup."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr "ldap_group_member (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr "L'atribut LDAP que conté els noms dels membres del grup."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr "Per defecte: memberuid (rfc2307) / member (rfc2307bis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr "ldap_group_uuid (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr "ldap_group_objectsid (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr "ldap_group_modify_timestamp (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr "ldap_group_type (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -5133,36 +5281,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
-#, fuzzy
-#| msgid "ldap_group_member (string)"
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
-msgstr "ldap_group_member (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr "ldap_group_nesting_level (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -5174,7 +5320,7 @@ msgstr ""
 "RFC2307."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -5184,7 +5330,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -5194,17 +5340,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr "Per defecte: 2"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -5212,14 +5358,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -5227,7 +5373,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -5236,12 +5382,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -5249,169 +5395,169 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr "ldap_netgroup_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr "La classe d'objecte d'una entrada de netgroup a LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr "Per defecte: nisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr "ldap_netgroup_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr "L'atribut LDAP que es correspon amb el nom del netgroup."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr "ldap_netgroup_member (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr "L'atribut LDAP que conté els noms dels membres del netgroup."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr "Per defecte: memberNisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr "ldap_netgroup_triple (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
 "L'atribut LDAP que conté les tripletes netgroup (maquina, usuari, domini)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr "Per defecte: nisNetgroupTriple"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr "ldap_netgroup_modify_timestamp (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr "ldap_service_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr "Per defecte: ipService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr "ldap_service_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr "ldap_service_port (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr "Per defecte: ipServicePort"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr "ldap_service_proto (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr "Per defecte: ipServiceProtocol"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr "ldap_service_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr "ldap_search_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -5419,7 +5565,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -5427,12 +5573,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr "ldap_enumeration_search_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -5440,12 +5586,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr "ldap_network_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -5462,12 +5608,12 @@ msgstr ""
 "manvolnum></citerefentry> retorna en cas de cap activitat."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr "ldap_opt_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -5476,12 +5622,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr "ldap_connection_expire_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -5490,34 +5636,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr "Per defecte: 900 (15 minuts)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr "ldap_page_size (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr "Per defecte: 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr "ldap_disable_paging (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -5525,14 +5671,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -5540,17 +5686,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr "ldap_disable_range_retrieval (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5560,12 +5706,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr "ldap_sasl_minssf (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -5573,17 +5719,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr "ldap_deref_threshold (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5591,13 +5737,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -5606,7 +5752,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -5614,12 +5760,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr "ldap_tls_reqcert (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
@@ -5629,7 +5775,7 @@ msgstr ""
 "valors següents:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
@@ -5638,7 +5784,7 @@ msgstr ""
 "certificat del servidor."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5650,7 +5796,7 @@ msgstr ""
 "normalment."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5661,7 +5807,7 @@ msgstr ""
 "proporciona un certificat dolent, immediatament s'acaba la sessió."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -5672,22 +5818,22 @@ msgstr ""
 "immediatament s'acaba la sessió."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr "Per defecte: hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr "ldap_tls_cacert (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
@@ -5696,7 +5842,7 @@ msgstr ""
 "Certificació que reconeixerà l'<command>sssd</command>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
@@ -5705,12 +5851,12 @@ msgstr ""
 "<filename>/etc/openldap/ldap.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr "ldap_tls_cacertdir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -5724,32 +5870,32 @@ msgstr ""
 "correctes."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr "ldap_tls_cert (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr "ldap_tls_key (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr "ldap_tls_cipher_suite (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5757,12 +5903,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr "ldap_id_use_start_tls (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
@@ -5771,12 +5917,12 @@ msgstr ""
 "class=\"protocol\">tls</systemitem> per a protegir el canal."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr "ldap_id_mapping (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5784,19 +5930,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
-#, fuzzy
-#| msgid "ldap_min_id, ldap_max_id (interger)"
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
-msgstr "ldap_min_id, ldap_max_id (enter)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -5807,17 +5951,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr "ldap_sasl_mech (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
@@ -5826,12 +5970,12 @@ msgstr ""
 "i suportat."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr "ldap_sasl_authid (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -5840,17 +5984,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr "ldap_sasl_realm (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -5858,51 +6002,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr "Per defecte: el valor de krb5_realm."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr "ldap_sasl_canonicalize (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr "Per defecte: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr "ldap_krb5_keytab (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr "Especifica el fitxer keytab a utilitzar quan s'utilitza SASL/GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 "Per defecte: Fitxer keytab de sistema, normalment <filename>/etc/krb5."
 "keytab</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr "ldap_krb5_init_creds (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -5913,27 +6057,27 @@ msgstr ""
 "seleccionat és GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr "ldap_krb5_ticket_lifetime (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr "Especifica el temps de vida en segons de la TGT si s'utilitza GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr "Per defecte: 86400 (24 hores)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr "krb5_server, krb5_backup_server (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5945,7 +6089,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5956,7 +6100,7 @@ msgstr ""
 "retorna a _tcp si no se'n troba cap."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -5968,41 +6112,41 @@ msgstr ""
 "<quote>krb5_server</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr "krb5_realm (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr "Especifica l'àmbit KERBEROS (per a l'autenticació SASL/GSSAPI)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 "Per defecte: Paràmetres predeterminats del sistema, vegeu <filename>/etc/"
 "krb5.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr "krb5_canonicalize (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr "krb5_use_kdcinfo (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6012,7 +6156,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -6020,12 +6164,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr "ldap_pwd_policy (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
@@ -6034,7 +6178,7 @@ msgstr ""
 "costat del client. S'admeten els valors següents:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
@@ -6043,7 +6187,7 @@ msgstr ""
 "opció no inhabilita les polítiques de contrasenya de servidor."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -6051,7 +6195,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6063,25 +6207,25 @@ msgstr ""
 "contrasenya."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr "ldap_referrals (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 "Especifica si el seguiment automàtic del referenciador s'hauria d'habilitar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
@@ -6090,7 +6234,7 @@ msgstr ""
 "quan es compila amb la versió 2.4.13 o superiors d'OpenLDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6099,29 +6243,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr "ldap_dns_service_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 "Especifica el nom de servei per utilitzar quan està habilitada la detecció "
 "de serveis."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr "Per defecte: ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr "ldap_chpass_dns_service_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
@@ -6131,30 +6275,30 @@ msgstr ""
 "dels serveis."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 "Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr "ldap_chpass_update_last_change (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr "ldap_access_filter (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6170,12 +6314,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr "Exemple:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6184,44 +6328,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
-#, fuzzy
-#| msgid ""
-#| "Offline caching for this feature is limited to determining whether the "
-#| "user's last online login was granted access permission. If they were "
-#| "granted access during their last login, they will continue to be granted "
-#| "access while offline and vice-versa."
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
 "access during their last login, they will continue to be granted access "
 "while offline and vice versa."
 msgstr ""
-"La memòria auxiliar sense connexió per a aquesta característica es limita a "
-"determinar si el darrer inici de sessió de l'usuari amb connexió es va "
-"concedir el permís d'accés. Si es va concedir l'accés durant el seu últim "
-"inici de sessió, es continuarà concedint l'accés mentre s'estigui "
-"desconnectat i viceversa."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr "Per defecte: Buit"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr "ldap_account_expire_policy (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
@@ -6230,7 +6363,7 @@ msgstr ""
 "d'atributs de control d'accés."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6242,12 +6375,12 @@ msgstr ""
 "contrasenya és correcta."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr "S'admeten els valors següents:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
@@ -6256,7 +6389,7 @@ msgstr ""
 "determinar si el compte ha caducat."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6265,7 +6398,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6273,7 +6406,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6282,7 +6415,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -6290,24 +6423,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr "ldap_access_order (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 "Llista separada per comes d'opcions de control d'accés. Els valors permesos "
 "són:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr "<emphasis>filter</emphasis>: utilitza ldap_access_filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6317,14 +6450,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6337,12 +6470,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6352,7 +6485,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -6362,20 +6495,20 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
@@ -6384,17 +6517,37 @@ msgstr ""
 "authorizedService per determinar l'accés"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+#, fuzzy
+#| msgid ""
+#| "<emphasis>authorized_service</emphasis>: use the authorizedService "
+#| "attribute to determine access"
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+"<emphasis>authorized_service</emphasis>: utilitza l'atribut "
+"authorizedService per determinar l'accés"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr "Per defecte: filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
@@ -6403,12 +6556,12 @@ msgstr ""
 "s'utilitza més d'una vegada."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr "ldap_pwdlockout_dn (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -6417,22 +6570,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr "Exemple: cn=ppolicy,ou=policies,dc=exemple,dc=com"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr "Per defecte: cn=ppolicy,ou=policies,$ldap_search_base"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr "ldap_deref (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
@@ -6441,13 +6594,13 @@ msgstr ""
 "es fa una cerca. S'admeten les opcions següents:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 "<emphasis>never</emphasis>: les referències dels àlies mai són eliminades."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
@@ -6457,7 +6610,7 @@ msgstr ""
 "de la cerca."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
@@ -6466,7 +6619,7 @@ msgstr ""
 "només en localitzar l'objecte base de la cerca."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
@@ -6475,7 +6628,7 @@ msgstr ""
 "en la recerca i en la localització de l'objecte base de la cerca."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
@@ -6484,19 +6637,19 @@ msgstr ""
 "biblioteques de client LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr "ldap_rfc2307_fallback_to_local_users (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -6507,7 +6660,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -6515,26 +6668,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
 #, fuzzy
 #| msgid "ldap_opt_timeout (integer)"
-msgid "wildcart_limit (integer)"
+msgid "wildcard_limit (integer)"
 msgstr "ldap_opt_timeout (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -6555,12 +6708,12 @@ msgstr ""
 "\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr "OPCIONS DE SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -6568,208 +6721,208 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr "ldap_sudorule_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr "Per defecte: sudoRole"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr "ldap_sudorule_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr "ldap_sudorule_command (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr "Per defecte: sudoCommand"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr "ldap_sudorule_host (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr "Per defecte: sudoHost"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr "ldap_sudorule_user (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr "Per defecte: sudoUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr "ldap_sudorule_option (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr "Per defecte: sudoOption"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr "ldap_sudorule_runasuser (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr "Per defecte: sudoRunAsUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr "ldap_sudorule_runasgroup (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr "Per defecte: sudoRunAsGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr "ldap_sudorule_notbefore (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr "Per defecte: sudoNotBefore"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr "ldap_sudorule_notafter (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr "Per defecte: sudoNotAfter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr "ldap_sudorule_order (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr "Per defecte: sudoOrder"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr "ldap_sudo_full_refresh_interval (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr "Per defecte: 21600 (6 hores)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr "ldap_sudo_smart_refresh_interval (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -6777,101 +6930,101 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr "ldap_sudo_use_host_filter (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr "ldap_sudo_hostnames (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr "ldap_sudo_ip (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr "ldap_sudo_include_netgroups (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr "ldap_sudo_include_regexp (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6880,111 +7033,111 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr "OPCIONS D'AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr "ldap_autofs_map_master_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr "Per defecte: auto.master"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr "ldap_autofs_map_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr "ldap_autofs_map_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr "ldap_autofs_entry_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr "ldap_autofs_entry_key (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr "ldap_autofs_entry_value (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6993,56 +7146,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr "OPCIONS AVANÇADES"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr "ldap_netgroup_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr "ldap_user_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr "ldap_group_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr "<note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr "</note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr "ldap_sudo_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr "ldap_autofs_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7050,8 +7203,15 @@ msgid ""
 "\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr "EXEMPLE"
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7062,7 +7222,7 @@ msgstr ""
 "replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7075,26 +7235,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7110,13 +7271,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "NOTES"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7140,17 +7301,6 @@ msgstr "Mòdul de PAM per SSSD"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: pam_sss.8.xml:22
-#, fuzzy
-#| msgid ""
-#| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-#| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-#| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> "
-#| "</arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> "
-#| "</arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</"
-#| "replaceable> </arg> <arg choice='opt'> <replaceable>domains=X</"
-#| "replaceable> </arg>"
 msgid ""
 "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
 "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
@@ -7163,14 +7313,6 @@ msgid ""
 "choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg "
 "choice='opt'> <replaceable>prompt_always</replaceable> </arg>"
 msgstr ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: pam_sss.8.xml:58
@@ -7325,10 +7467,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:166
-#, fuzzy
-#| msgid "<option>domains</option>"
 msgid "<option>allow_missing_name</option>"
-msgstr "<option>domains</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:170
@@ -7358,10 +7498,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:190
-#, fuzzy
-#| msgid "<option>domains</option>"
 msgid "<option>prompt_always</option>"
-msgstr "<option>domains</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:194
@@ -7741,9 +7879,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -7827,7 +7965,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -8180,15 +8318,9 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:66
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
-"S'admeten les següents ampliacions: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:336
@@ -8210,7 +8342,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -8230,8 +8362,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -8325,7 +8457,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -8343,8 +8475,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -8363,9 +8495,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -8378,7 +8510,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -8398,7 +8530,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -8514,7 +8646,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -8522,10 +8654,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:590
-#, fuzzy
-#| msgid "DOMAIN SECTIONS"
 msgid "DOMAIN LIST"
-msgstr "SECCIONS DE DOMINI"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:592
@@ -8647,20 +8777,25 @@ msgstr "ipa_hostname (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:113
+#, fuzzy
+#| msgid ""
+#| "Optional. May be set on machines where the hostname(5) does not reflect "
+#| "the fully qualified name used in the IPA domain to identify this host."
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 "Opcional. Es pot definir en màquines on el hostname(5) no reflecteix el nom "
 "complet utilitzat en el domini d'IPA per identificar aquest amfitrió."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr "dyndns_update (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -8670,14 +8805,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -8685,12 +8820,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr "dyndns_ttl (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -8698,7 +8833,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -8706,17 +8841,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr "dyndns_iface (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -8725,7 +8860,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -8733,28 +8868,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
-#, fuzzy
-#| msgid "Default: Use the IP address of the IPA LDAP connection"
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
-msgstr "Per defecte: Utilitzar l'adreça IP de la connexió LDAP d'IPA"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
-#, fuzzy
-#| msgid "dyndns_iface (string)"
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
-msgstr "dyndns_iface (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -8762,24 +8893,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
-msgstr "Per defecte: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr "ipa_enable_dns_sites (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -8791,12 +8920,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr "dyndns_refresh_interval (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -8804,236 +8933,284 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr "dyndns_update_ptr (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr "Per defecte: False (inhabilitat)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr "dyndns_force_tcp (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
-#, fuzzy
-#| msgid "dyndns_iface (string)"
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
-msgstr "dyndns_iface (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
-msgstr "ipa_hbac_search_base (cadena)"
+#: sssd-ipa.5.xml:311
+#, fuzzy
+#| msgid "ipa_views_search_base (string)"
+msgid "ipa_deskprofile_search_base (string)"
+msgstr "ipa_views_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr "Per defecte: Utilitza el DN base"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr "ipa_hbac_search_base (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr "ipa_host_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
 msgstr ""
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr "Per defecte: el valor de <emphasis>ldap_search_base</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr "ipa_selinux_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr "ipa_subdomains_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr "ipa_master_domain_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr "ipa_views_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr "krb5_confd_path (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:465
+#, fuzzy
+#| msgid "ipa_hbac_refresh (integer)"
+msgid "ipa_deskprofile_refresh (integer)"
 msgstr "ipa_hbac_refresh (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:468
 msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
 msgid "Default: 5 (seconds)"
 msgstr "Per defecte: 5 (segons)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:481
+#, fuzzy
+#| msgid "ldap_sudo_full_refresh_interval (integer)"
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr "ldap_sudo_full_refresh_interval (enter)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+#, fuzzy
+#| msgid "Default: 900 (15 minutes)"
+msgid "Default: 60 (minutes)"
+msgstr "Per defecte: 900 (15 minuts)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
+msgid "ipa_hbac_refresh (integer)"
+msgstr "ipa_hbac_refresh (enter)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:498
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr "ipa_hbac_selinux (enter)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -9041,194 +9218,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr "ipa_server_mode (booleà)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr "ipa_automount_location (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr "ipa_view_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr "Per defecte: nsContainer"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr "ipa_view_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
-#, fuzzy
-#| msgid "ipa_overide_object_class (string)"
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
-msgstr "ipa_overide_object_class (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr "Per defecte: ipaOverrideAnchor"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr "ipa_anchor_uuid (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr "Per defecte: ipaAnchorUUID"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr "ipa_user_override_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr "ldap_user_name"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr "ldap_user_uid_number"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr "ldap_user_gid_number"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr "ldap_user_gecos"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr "ldap_user_home_directory"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr "ldap_user_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr "ldap_user_ssh_public_key"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr "Per defecte: ipaUserOverride"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr "ipa_group_override_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr "ldap_group_name"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr "ldap_group_gid_number"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr "Per defecte: ipaGroupOverride"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -9238,19 +9413,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr "PROVEÏDOR DELS SUBDOMINIS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -9258,7 +9433,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -9270,7 +9445,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9282,7 +9457,7 @@ msgstr ""
 "específiques del proveïdor IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -9429,10 +9604,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:127
-#, fuzzy
-#| msgid "ad_domain (string)"
 msgid "ad_enabled_domains (string)"
-msgstr "ad_domain (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:130
@@ -9444,16 +9617,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
 #: sssd-ad.5.xml:140
-#, fuzzy, no-wrap
-#| msgid ""
-#| "ad_gpo_map_deny = +my_pam_service\n"
-#| "                            "
+#, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
 "                            "
 msgstr ""
-"ad_gpo_map_deny = +my_pam_service\n"
-"                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:136
@@ -9834,10 +10002,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sssd-ad.5.xml:500
-#, fuzzy
-#| msgid "kdm"
 msgid "xdm"
-msgstr "kdm"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:509
@@ -10187,34 +10353,28 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:819
-#, fuzzy
-#| msgid "Default: 300"
 msgid "Default: 30 days"
-msgstr "Per defecte: 300"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:825
-#, fuzzy
-#| msgid "pam_account_expired_message (string)"
 msgid "ad_machine_account_password_renewal_opts (string)"
-msgstr "pam_account_expired_message (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:837
-#, fuzzy
-#| msgid "Default: 86400 (24 hours)"
 msgid "Default: 86400:750 (24h and 15m)"
-msgstr "Per defecte: 86400 (24 hores)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:846
@@ -10234,12 +10394,10 @@ msgstr "Per defecte: 3600 (segons)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:892
-#, fuzzy
-#| msgid "Default: Use the IP address of the IPA LDAP connection"
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
-msgstr "Per defecte: Utilitzar l'adreça IP de la connexió LDAP d'IPA"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:905
@@ -10326,8 +10484,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr "sssd-sudo"
 
@@ -10684,12 +10842,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr "Executa en primer pla, no esdevinguis un dimoni."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr "<option>-c</option>,<option>--config</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -10904,10 +11062,8 @@ msgstr "Per defecte: <filename>/etc/sssd/sssd.conf</filename>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_override.8.xml:10 sss_override.8.xml:15
-#, fuzzy
-#| msgid "sss_userdel"
 msgid "sss_override"
-msgstr "sss_userdel"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_override.8.xml:16
@@ -10916,19 +11072,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_override.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>opcions</"
-"replaceable> </arg> <arg choice='plain'><replaceable>USUARI</replaceable></"
-"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:32
@@ -10984,11 +11132,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:80
-#, fuzzy
-#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
 msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
 msgstr ""
-"<option>--delattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:85
@@ -11000,16 +11145,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:94
-#, fuzzy
-#| msgid ""
-#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-#| "replaceable>"
 msgid ""
 "<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
 "optional>"
 msgstr ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMINI</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:99
@@ -11020,11 +11159,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:107
-#, fuzzy
-#| msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
 msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
 msgstr ""
-"<option>--setattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:112
@@ -11095,11 +11231,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:177
-#, fuzzy
-#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
 msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
 msgstr ""
-"<option>--delattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:182
@@ -11111,16 +11244,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:191
-#, fuzzy
-#| msgid ""
-#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-#| "replaceable>"
 msgid ""
 "<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
 "optional>"
 msgstr ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMINI</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:196
@@ -11188,10 +11315,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "SUDO OPTIONS"
 msgid "COMMON OPTIONS"
-msgstr "OPCIONS DE SUDO"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:263 sssctl.8.xml:52
@@ -11200,11 +11325,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:268 sssctl.8.xml:57
-#, fuzzy
-#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
 msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
 msgstr ""
-"<option>--delattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_useradd.8.xml:10 sss_useradd.8.xml:15
@@ -12332,21 +12454,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_cache.8.xml:31
-#, fuzzy
-#| msgid ""
-#| "<command>sss_cache</command> invalidates records in SSSD cache.  "
-#| "Invalidated records are forced to be reloaded from server as soon as "
-#| "related SSSD backend is online."
 msgid ""
 "<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
 "records are forced to be reloaded from server as soon as related SSSD "
 "backend is online. Options that invalidate a single object only accept a "
 "single provided argument."
 msgstr ""
-"<command>sss_cache</command> invalida els registres a la memòria cau de "
-"l'SSSD. Els registres invalidats es veuen obligats a recarregar-se des del "
-"servidor tan aviat com la capa d'accés de dades implicada de l'SSSD estigui "
-"en línia."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:43
@@ -12355,12 +12468,8 @@ msgstr "<option>-E</option>,<option>--everything</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:47
-#, fuzzy
-#| msgid "Invalidate all cached entries except for sudo rules."
 msgid "Invalidate all cached entries."
 msgstr ""
-"Invalida totes les entrades de la memòria cau amb l'excepció de les regles "
-"sudo."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:53
@@ -12530,44 +12639,27 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:186
-#, fuzzy
-#| msgid ""
-#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
-#| "replaceable>"
 msgid ""
 "<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
 "replaceable>"
 msgstr ""
-"<option>-g</option>,<option>--group</option> <replaceable>grup</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:191
-#, fuzzy
-#| msgid "Invalidate all cached entries except for sudo rules."
 msgid "Invalidate particular sudo rule."
 msgstr ""
-"Invalida totes les entrades de la memòria cau amb l'excepció de les regles "
-"sudo."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:197
-#, fuzzy
-#| msgid "<option>-U</option>,<option>--users</option>"
 msgid "<option>-R</option>,<option>--sudo-rules</option>"
-msgstr "<option>-U</option>,<option>--users</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:201
-#, fuzzy
-#| msgid ""
-#| "Invalidate all user records. This option overrides invalidation of "
-#| "specific user if it was also set."
 msgid ""
 "Invalidate all cached sudo rules. This option overrides invalidation of "
 "specific sudo rule if it was also set."
 msgstr ""
-"Invalida tots els registres dels usuaris. Aquesta opció anul·la la "
-"invalidació d'un usuari específic, si també es va especificar."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:209
@@ -12590,7 +12682,9 @@ msgstr "sss_debuglevel"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+#, fuzzy
+#| msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr "canvia el nivell de depuració mentre s'està executant l'SSSD"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -12607,18 +12701,10 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
-"<command>sss_debuglevel</command> canvia el nivell de depuració del monitor "
-"i dels proveïdors de l'SSSD monitor al <replaceable>NOU_NIVELL_DE_DEPURACIÓ</"
-"replaceable> mentre s'està executant l'SSSD."
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
-msgstr "<replaceable>NOU_NIVELL_DE_DEPURACIÓ</replaceable>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_seed.8.xml:10 sss_seed.8.xml:15
@@ -13117,7 +13203,7 @@ msgstr ""
 "sss.  <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr "VEGEU TAMBÉ"
 
@@ -13170,14 +13256,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_ssh_authorizedkeys.1.xml:41
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of LDAP domains for "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  Refer to the <quote>FILE FORMAT</quote> "
-#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
-#| "information."
 msgid ""
 "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
 "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
@@ -13186,12 +13264,6 @@ msgid ""
 "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
 "manvolnum></citerefentry> man page for more details about this option."
 msgstr ""
-"En aquesta pàgina del manual es descriu la configuració de dominis LDAP per "
-"a <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>. Consulteu la secció <quote>FORMAT DE FITXER</"
-"quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> per obtenir "
-"informació detallada de la sintaxi."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sss_ssh_authorizedkeys.1.xml:59
@@ -13308,14 +13380,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: idmap_sss.8.xml:10 idmap_sss.8.xml:15
-#, fuzzy
-#| msgid "pam_sss"
 msgid "idmap_sss"
-msgstr "pam_sss"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -13327,10 +13397,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "SUDO OPTIONS"
 msgid "IDMAP OPTIONS"
-msgstr "OPCIONS DE SUDO"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: idmap_sss.8.xml:33
@@ -13344,13 +13412,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-#, fuzzy
-#| msgid "EXAMPLE"
-msgid "EXAMPLES"
-msgstr "EXEMPLE"
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
@@ -13382,19 +13443,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sssctl.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>opcions</"
-"replaceable> </arg> <arg choice='plain'><replaceable>USUARI</replaceable></"
-"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssctl.8.xml:32
@@ -13416,28 +13469,16 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-files.5.xml:10 sssd-files.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-files"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-files.5.xml:17
-#, fuzzy
-#| msgid "SSSD IPA provider"
 msgid "SSSD files provider"
-msgstr "Proveïdor d'IPA de l'SSSD"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the IPA provider for "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
 msgid ""
 "This manual page describes the files provider for <citerefentry> "
 "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -13445,24 +13486,9 @@ msgid ""
 "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"En aquesta pàgina del manual es descriu la configuració del proveïdor IPA "
-"per a <citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry>.  Per una referència detallada sintaxi, aneu a la "
-"secció de <quote>FORMAT DE FITXER</quote> de la pàgina del manual "
-"<citerefentry>d'<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:36
-#, fuzzy
-#| msgid ""
-#| "These options can be used to configure the sudo service.  The detailed "
-#| "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry> are in the manual page <citerefentry> "
-#| "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry>."
 msgid ""
 "The files provider mirrors the content of the <citerefentry> "
 "<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -13473,22 +13499,9 @@ msgid ""
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>."
 msgstr ""
-"Es poden utilitzar aquestes opcions per configurar el servei del sudo. Les "
-"instruccions detallades per la configuració del <citerefentry> "
-"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
-"perquè funcioni amb <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> estan en la pàgina del manual "
-"<citerefentry> <refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
-#, fuzzy
-#| msgid ""
-#| "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page for details on the configuration of an SSSD "
-#| "domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "The files provider has no specific options of its own, however, generic SSSD "
 "domain options can be set where applicable.  Refer to the section "
@@ -13496,25 +13509,13 @@ msgid ""
 "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
 "for details on the configuration of an SSSD domain."
 msgstr ""
-"Per a més informació sobre la configuració d'un domini SSSD, consulteu la "
-"secció <quote>SECCIONS DELS DOMINIS</quote> de la pàgina del manual "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:73
-#, fuzzy
-#| msgid ""
-#| "The following example assumes that SSSD is correctly configured and LDAP "
-#| "is set to one of the domains in the <replaceable>[domains]</replaceable> "
-#| "section."
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
-"L'exemple següent presuposa que l'SSSD està correctament configurat i l'LDAP "
-"està definit com a un dels dominis a la secció <replaceable>[domains]</"
-"replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-files.5.xml:79
@@ -13526,28 +13527,16 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-secrets.5.xml:10 sssd-secrets.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-secrets"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-secrets.5.xml:17
-#, fuzzy
-#| msgid "SSSD InfoPipe responder"
 msgid "SSSD Secrets responder"
-msgstr "contestador de l'InfoPipe de l'SSSD"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the InfoPipe responder "
-#| "for <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
 msgid ""
 "This manual page describes the configuration of the Secrets responder for "
 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
@@ -13555,12 +13544,6 @@ msgid ""
 "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"En aquesta pàgina del manual es descriu la configuració del contestador de "
-"l'InfoPipe per a <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>. Per a una referència detallada de "
-"la sintaxi, consulteu la secció <quote>FORMAT DEL FITXER</quote> de la "
-"pàgina del manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:36
@@ -13594,20 +13577,63 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+#, fuzzy
+#| msgid "kdm"
+msgid "kcm"
+msgstr "kdm"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+#, fuzzy
+#| msgid ""
+#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
+#| "permissions on a newly created home directory."
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+"Utilitzat per <citerefentry><refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum></citerefentry> per especificar els permisos per "
+"defecte en un directori inicial acabat de crear."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -13617,7 +13643,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -13632,14 +13658,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
-#, fuzzy
-#| msgid ""
-#| "NOTE: Must be used in conjunction with the <quote>pam_trusted_users</"
-#| "quote> and <quote>pam_public_domains</quote> options.  Please see the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page for more information on these two "
-#| "PAM responder options."
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -13647,26 +13666,28 @@ msgid ""
 "manvolnum> </citerefentry> manual page for a complete list. In addition, "
 "there are some secrets-specific options as well."
 msgstr ""
-"NOTA: Ha d'utilitzar-se juntament amb les opcions <quote>pam_trusted_users</"
-"quote> i <quote>pam_public_domains</quote>. Si us plau, vegeu la pàgina del "
-"manual de <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> per a més informació sobre aquestes "
-"dues opcions del contestador del PAM."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
-#, fuzzy
-#| msgid "id_provider (string)"
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
-msgstr "id_provider (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -13674,161 +13695,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
-#, fuzzy
-#| msgid "Default: ldap"
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
-msgstr "Per defecte: ldap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
-#, fuzzy
-#| msgid "ldap_group_nesting_level (integer)"
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
-msgstr "ldap_group_nesting_level (enter)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
-msgstr "Per defecte: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
-#, fuzzy
-#| msgid "timeout (integer)"
+#: sssd-secrets.5.xml:204
 msgid "max_secrets (integer)"
-msgstr "timeout (enter)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-#, fuzzy
-#| msgid "Default: 10"
-msgid "Default: 1024"
-msgstr "Per defecte: 10"
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:216
 #, fuzzy
-#| msgid "ldap_page_size (integer)"
+#| msgid "pam_id_timeout (integer)"
+msgid "max_uid_secrets (integer)"
+msgstr "pam_id_timeout (enter)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
-msgstr "ldap_page_size (enter)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-#, fuzzy
-#| msgid "Default: 1"
-msgid "Default: 16"
-msgstr "Per defecte: 1"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
-#, fuzzy
-#| msgid "proxy_lib_name (string)"
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
-msgstr "proxy_lib_name (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
-#, fuzzy
-#| msgid "ldap[s]://&lt;host&gt;[:port]"
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
-msgstr "ldap[s]://&lt;host&gt;[:port]"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
-#, fuzzy
-#| msgid "auth_provider (string)"
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
-msgstr "auth_provider (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -13836,14 +13888,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
-#, fuzzy
-#| msgid "ldap_user_name (string)"
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
-msgstr "ldap_user_name (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -13851,95 +13901,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
-#, fuzzy
-#| msgid "ldap_autofs_entry_value (string)"
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
-msgstr "ldap_autofs_entry_value (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
-#, fuzzy
-#| msgid "Example:"
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
-msgstr "Exemple:"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
-#, fuzzy
-#| msgid "override_homedir (string)"
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
-msgstr "override_homedir (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
-#, fuzzy
-#| msgid "try_inotify (boolean)"
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
-msgstr "try_inotify (booleà)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
-#, fuzzy
-#| msgid "try_inotify (boolean)"
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
-msgstr "try_inotify (booleà)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
-#, fuzzy
-#| msgid "krb5_confd_path (string)"
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
-msgstr "krb5_confd_path (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
-#, fuzzy
-#| msgid "user (string)"
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
-msgstr "user (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -13947,14 +13983,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
-#, fuzzy
-#| msgid "user (string)"
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
-msgstr "user (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -13962,24 +13996,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
-#, fuzzy
-#| msgid "user (string)"
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
-msgstr "user (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -13994,19 +14026,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -14016,19 +14048,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -14038,7 +14070,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -14048,21 +14080,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
-#, fuzzy
-#| msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
-msgstr "Exemple: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -14071,14 +14101,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -14089,7 +14119,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -14100,7 +14130,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -14109,14 +14139,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
-#, fuzzy
-#| msgid "Default: nsContainer"
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
-msgstr "Per defecte: nsContainer"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -14124,7 +14152,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -14134,20 +14162,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
-#, fuzzy
-#| msgid ""
-#| "The following example shows a minimal idmapd.conf which makes use of the "
-#| "sss plugin.  <placeholder type=\"programlisting\" id=\"0\"/>"
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"En el següent exemple es mostra un idmapd.conf mínim que fa ús del connector "
-"sss.  <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -14155,28 +14177,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
-#, fuzzy
-#| msgid "delete a user account"
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
-msgstr "suprimeix el compte d'un usuari"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -14186,25 +14206,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 msgstr ""
-"S'admeten les següents ampliacions: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -14212,7 +14226,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -14242,7 +14256,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -14252,14 +14266,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -14270,7 +14284,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -14285,11 +14299,91 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+msgid "Configuring session recording with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
 #, fuzzy
-#| msgid "sssd-krb5"
+#| msgid ""
+#| "This manual page describes the configuration of the simple access-control "
+#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
+#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
+#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> manual page."
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+"En aquesta pàgina del manual es descriu la configuració del proveïdor de "
+"control d'accés simple per a <citerefentry> <refentrytitle>sssd</"
+"refentrytitle> <manvolnum>8</manvolnum></citerefentry>.  Per a una "
+"referència detallada de la sintaxi, aneu a la secció <quote>FORMAT DEL "
+"FITXER</quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+#, fuzzy
+#| msgid "These options can be used to configure the PAC responder."
+msgid "These options can be used to configure the session recording."
+msgstr ""
+"Es poden utilitzar aquestes opcions per configurar el contestador del PAC."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
 msgid "sssd-kcm"
-msgstr "sssd-krb5"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-kcm.8.xml:17
@@ -14347,20 +14441,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-kcm.8.xml:61
-#, fuzzy
-#| msgid ""
-#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> for more information on configuring Kerberos."
 msgid ""
 "the SSSD implementation stores the ccaches in the SSSD <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </"
 "citerefentry> secrets store, allowing the ccaches to survive KCM server "
 "restarts or machine reboots."
 msgstr ""
-"<quote>krb5</quote> per a l'autenticació Kerberos. Vegeu "
-"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:69
@@ -14386,12 +14472,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:78
-#, fuzzy
-#| msgid ""
-#| "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page for details on the configuration of an SSSD "
-#| "domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "In order to use KCM credential cache, it must be selected as the default "
 "credential type in <citerefentry> <refentrytitle>krb5.conf</"
@@ -14399,10 +14479,6 @@ msgid ""
 "cache name must be only <quote>KCM:</quote> without any template "
 "expansions.  For example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"Per a més informació sobre la configuració d'un domini SSSD, consulteu la "
-"secció <quote>SECCIONS DELS DOMINIS</quote> de la pàgina del manual "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:91
@@ -14421,7 +14497,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -14438,12 +14513,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -14454,15 +14538,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the simple access-control "
-#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
-#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page."
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -14473,22 +14549,9 @@ msgid ""
 "<quote>FILE FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd."
 "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"En aquesta pàgina del manual es descriu la configuració del proveïdor de "
-"control d'accés simple per a <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum></citerefentry>.  Per a una "
-"referència detallada de la sintaxi, aneu a la secció <quote>FORMAT DEL "
-"FITXER</quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
-#, fuzzy
-#| msgid ""
-#| "NOTE: Must be used in conjunction with the <quote>pam_trusted_users</"
-#| "quote> and <quote>pam_public_domains</quote> options.  Please see the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page for more information on these two "
-#| "PAM responder options."
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -14496,44 +14559,426 @@ msgid ""
 "manvolnum> </citerefentry> manual page for a complete list. In addition, "
 "there are some KCM-specific options as well."
 msgstr ""
-"NOTA: Ha d'utilitzar-se juntament amb les opcions <quote>pam_trusted_users</"
-"quote> i <quote>pam_public_domains</quote>. Si us plau, vegeu la pàgina del "
-"manual de <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> per a més informació sobre aquestes "
-"dues opcions del contestador del PAM."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
-msgstr "skel_dir (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
-#, fuzzy
-#| msgid ""
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</"
-#| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</"
-#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>"
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry>"
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+#, fuzzy
+#| msgid "sssd-simple"
+msgid "sssd-systemtap"
+msgstr "sssd-simple"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+#, fuzzy
+#| msgid ""
+#| "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
+#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring LDAP."
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+"<quote>ldap</quote> per autenticació nativa LDAP. Vegeu "
+"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> per a més informació sobre configuració d'LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+#, fuzzy
+#| msgid "realm name"
+msgid "probe $name"
+msgstr "nom real"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, fuzzy, no-wrap
+#| msgid ""
+#| "fallback_homedir = /home/%u\n"
+#| "                            "
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+"fallback_homedir = /home/%u\n"
+"                            "
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
 
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
@@ -14603,16 +15048,10 @@ msgstr ""
 
 #. type: Content of: <refentryinfo>
 #: include/upstream.xml:2
-#, fuzzy
-#| msgid ""
-#| "<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-#| "fedorahosted.org/sssd</orgname>"
 msgid ""
 "<productname>SSSD</productname> <orgname>The SSSD upstream - https://pagure."
 "io/SSSD/sssd/</orgname>"
 msgstr ""
-"<productname>SSSD</productname> <orgname>La línia de desenvolupament "
-"principal de l'SSSD - http://fedorahosted.org/sssd</orgname>"
 
 #. type: Content of: outside any tag (error?)
 #: include/upstream.xml:1
@@ -14690,6 +15129,84 @@ msgid ""
 "offline mode, and then attempts to reconnect every 30 seconds."
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_op_timeout"
+msgstr "dns_resolver_timeout (enter)"
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_timeout"
+msgstr "dns_resolver_timeout (enter)"
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+#, fuzzy
+#| msgid ""
+#| "All of the common configuration options that apply to SSSD domains also "
+#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
+#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
+#| "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+"Totes les opcions comunes de configuració que s'apliquen als dominis SSD "
+"també s'apliquen als dominis LDAP. Referiu-vos a la secció <quote>SECCIONS "
+"DE DOMINI</quote> de la pàgina de manual de <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> per a tots els detalls.  <placeholder type=\"variablelist\" id="
+"\"0\"/>"
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -14979,10 +15496,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
 #: include/ldap_id_mapping.xml:249
-#, fuzzy
-#| msgid "ldap_idmap_range_size (integer)"
 msgid "ldap_idmap_helper_table_size (integer)"
-msgstr "ldap_idmap_range_size (enter)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
 #: include/ldap_id_mapping.xml:252
@@ -15151,19 +15666,11 @@ msgstr ""
 
 #. type: Content of: <listitem><para>
 #: include/debug_levels.xml:38 include/debug_levels_tools.xml:19
-#, fuzzy
-#| msgid ""
-#| "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. "
-#| "An error that doesn't kill the SSSD, but one that indicates that at least "
-#| "one major feature is not going to work properly."
 msgid ""
 "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
 "error that doesn't kill SSSD, but one that indicates that at least one major "
 "feature is not going to work properly."
 msgstr ""
-"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Fallides crítiques. Un "
-"error que no mata a l'SSSD, però un que indica que almenys hi ha una "
-"característica important que no funcionarà correctament."
 
 #. type: Content of: <listitem><para>
 #: include/debug_levels.xml:45 include/debug_levels_tools.xml:26
@@ -15321,48 +15828,6 @@ msgstr ""
 
 #. type: Content of: <refsect1><para>
 #: include/seealso.xml:4
-#, fuzzy
-#| msgid ""
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</"
-#| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
-#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
-#| "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
-#| "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-#| "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> "
-#| "<citerefentry> <refentrytitle>sss_ssh_authorizedkeys</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
-#| "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry>, </phrase> <citerefentry> "
-#| "<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>.  <citerefentry> <refentrytitle>sss_rpcidmapd</"
-#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>"
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
@@ -15378,75 +15843,38 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
-"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
-"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
-"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
 
 #. type: Content of: <listitem><para>
 #: include/ldap_search_bases.xml:3
@@ -15602,10 +16030,8 @@ msgstr "Per defecte: /home"
 
 #. type: Content of: <refsect1><title>
 #: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2
-#, fuzzy
-#| msgid "GENERAL OPTIONS"
 msgid "MODIFIED DEFAULT OPTIONS"
-msgstr "OPCIONS GENERALS"
+msgstr ""
 
 #. type: Content of: <refsect1><para>
 #: include/ad_modified_defaults.xml:4
@@ -15617,80 +16043,58 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9
-#, fuzzy
-#| msgid "SSSD IPA provider"
 msgid "KRB5 Provider"
-msgstr "Proveïdor d'IPA de l'SSSD"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13
-#, fuzzy
-#| msgid "krb5_validate (boolean)"
 msgid "krb5_validate = true"
-msgstr "krb5_validate (booleà)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:18
-#, fuzzy
-#| msgid "krb5_use_enterprise_principal (boolean)"
 msgid "krb5_use_enterprise_principal = true"
-msgstr "krb5_use_enterprise_principal (booleà)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ad_modified_defaults.xml:24
-#, fuzzy
-#| msgid "SSSD LDAP provider"
 msgid "LDAP Provider"
-msgstr "Proveïdor de LDAP de l'SSSD"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:28
-#, fuzzy
-#| msgid "ldap_schema (string)"
 msgid "ldap_schema = ad"
-msgstr "ldap_schema (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38
-#, fuzzy
-#| msgid "ldap_force_upper_case_realm (boolean)"
 msgid "ldap_force_upper_case_realm = true"
-msgstr "ldap_force_upper_case_realm (booleà)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:38
-#, fuzzy
-#| msgid "ldap_id_mapping (boolean)"
 msgid "ldap_id_mapping = true"
-msgstr "ldap_id_mapping (booleà)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:43
-#, fuzzy
-#| msgid "ldap_sasl_mech (string)"
 msgid "ldap_sasl_mech = gssapi"
-msgstr "ldap_sasl_mech (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:48
-#, fuzzy
-#| msgid "ldap_referrals (boolean)"
 msgid "ldap_referrals = false"
-msgstr "ldap_referrals (booleà)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:53
-#, fuzzy
-#| msgid "ldap_account_expire_policy (string)"
 msgid "ldap_account_expire_policy = ad"
-msgstr "ldap_account_expire_policy (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58
-#, fuzzy
-#| msgid "ldap_use_tokengroups"
 msgid "ldap_use_tokengroups = true"
-msgstr "ldap_use_tokengroups"
+msgstr ""
 
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
@@ -15702,17 +16106,13 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:18
-#, fuzzy
-#| msgid "krb5_use_fast (string)"
 msgid "krb5_use_fast = try"
-msgstr "krb5_use_fast (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:23
-#, fuzzy
-#| msgid "krb5_canonicalize (boolean)"
 msgid "krb5_canonicalize = true"
-msgstr "krb5_canonicalize (booleà)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ipa_modified_defaults.xml:29
@@ -15721,31 +16121,23 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:33
-#, fuzzy
-#| msgid "ldap_schema (string)"
 msgid "ldap_schema = ipa_v1"
-msgstr "ldap_schema (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:43
-#, fuzzy
-#| msgid "ldap_sasl_mech (string)"
 msgid "ldap_sasl_mech = GSSAPI"
-msgstr "ldap_sasl_mech (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:48
-#, fuzzy
-#| msgid "ldap_sasl_minssf (integer)"
 msgid "ldap_sasl_minssf = 56"
-msgstr "ldap_sasl_minssf (enter)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:53
-#, fuzzy
-#| msgid "ldap_account_expire_policy (string)"
 msgid "ldap_account_expire_policy = ipa"
-msgstr "ldap_account_expire_policy (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ipa_modified_defaults.xml:64
@@ -15754,116 +16146,68 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:68
-#, fuzzy
-#| msgid "ldap_user_member_of (string)"
 msgid "ldap_user_member_of = memberOf"
-msgstr "ldap_user_member_of (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:73
-#, fuzzy
-#| msgid "ldap_user_uuid (string)"
 msgid "ldap_user_uuid = ipaUniqueID"
-msgstr "ldap_user_uuid (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:78
-#, fuzzy
-#| msgid "ldap_user_ssh_public_key"
 msgid "ldap_user_ssh_public_key = ipaSshPubKey"
-msgstr "ldap_user_ssh_public_key"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:83
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-#, fuzzy
-#| msgid "ldap_user_certificate (string)"
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr "ldap_user_certificate (cadena)"
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
-#, fuzzy
-#| msgid "ldap_group_object_class (string)"
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
-msgstr "ldap_group_object_class (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
-#, fuzzy
-#| msgid "ldap_group_object_class (string)"
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
-msgstr "ldap_group_object_class (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
-#, fuzzy
-#| msgid "ldap_group_member (string)"
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
-msgstr "ldap_group_member (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
-#, fuzzy
-#| msgid "ldap_group_uuid (string)"
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
-msgstr "ldap_group_uuid (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
-#, fuzzy
-#| msgid "ldap_group_objectsid (string)"
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
-msgstr "ldap_group_objectsid (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
 
 #~ msgid ""
-#~ "Comma separated list of services that are started when sssd itself starts."
+#~ "<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+#~ "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+#~ "running."
 #~ msgstr ""
-#~ "Llista de serveis separats per comes que s'inicien quan s'inicia el propi "
-#~ "sssd."
-
-#~ msgid "force_timeout (integer)"
-#~ msgstr "force_timeout (enter)"
-
-#~ msgid "Default: uid"
-#~ msgstr "Per defecte: uid"
-
-#~ msgid "Default: automountMap"
-#~ msgstr "Per defecte: automountMap"
-
-#~ msgid "Default: ou"
-#~ msgstr "Per defecte: ou"
-
-#~ msgid ""
-#~ "Verify with the help of krb5_keytab that the TGT obtained has not been "
-#~ "spoofed."
-#~ msgstr ""
-#~ "Comproveu amb l'ajuda de krb5_keytab que la TGT obtinguda no ha sigut "
-#~ "suplantada."
-
-#~ msgid ""
-#~ "Note that this default differs from the traditional Kerberos provider "
-#~ "back end."
-#~ msgstr ""
-#~ "Tingueu en compte que aquesta opció per defecte difereix del tradicional "
-#~ "proveïdor Kerberos."
-
-#~ msgid "Default: try"
-#~ msgstr "Per defecte: try"
+#~ "<command>sss_debuglevel</command> canvia el nivell de depuració del "
+#~ "monitor i dels proveïdors de l'SSSD monitor al "
+#~ "<replaceable>NOU_NIVELL_DE_DEPURACIÓ</replaceable> mentre s'està "
+#~ "executant l'SSSD."
 
-#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+#~ msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+#~ msgstr "<replaceable>NOU_NIVELL_DE_DEPURACIÓ</replaceable>"
diff --git a/src/man/po/cs.po b/src/man/po/cs.po
index d89b472e7..43ac0c14a 100644
--- a/src/man/po/cs.po
+++ b/src/man/po/cs.po
@@ -4,13 +4,14 @@
 #
 # Translators:
 # sgallagh <sgallagh@redhat.com>, 2011
+# Zdenek <chmelarz@gmail.com>, 2017. #zanata
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
-"PO-Revision-Date: 2014-12-14 11:52-0500\n"
-"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
+"PO-Revision-Date: 2017-09-11 08:53-0400\n"
+"Last-Translator: Zdenek <chmelarz@gmail.com>\n"
 "Language-Team: Czech (http://www.transifex.com/projects/p/sssd/language/"
 "cs/)\n"
 "Language: cs\n"
@@ -30,7 +31,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr "Manuálové stránky SSSD"
 
@@ -72,7 +74,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr "POPIS"
 
@@ -87,8 +90,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "VOLBY"
 
@@ -126,19 +129,22 @@ msgstr ""
 msgid "sssd.conf"
 msgstr ""
 
+# auto translated by TM merge from project: Fedora Elections Guide, version: master, DocId: Methods
 #. type: Content of: <reference><refentry><refmeta><manvolnum>
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
-msgstr ""
+msgstr "5"
 
 #. type: Content of: <reference><refentry><refmeta><refmiscinfo>
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr ""
 
@@ -289,11 +295,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr ""
 
@@ -310,17 +316,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
@@ -343,8 +351,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr ""
 
@@ -359,7 +367,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr ""
 
@@ -407,19 +415,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr ""
 
@@ -439,7 +447,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr ""
 
@@ -459,12 +467,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -472,39 +480,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -628,11 +636,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr ""
@@ -803,8 +811,24 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr ""
@@ -821,12 +845,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -835,22 +859,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -860,17 +884,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -880,18 +904,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -899,24 +923,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -924,12 +948,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -941,58 +965,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1000,7 +1024,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1010,7 +1034,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1019,17 +1043,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1037,34 +1061,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1073,7 +1097,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1082,41 +1106,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1124,23 +1148,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1148,47 +1172,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1196,105 +1220,105 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1305,96 +1329,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1402,122 +1426,122 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1525,7 +1549,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1534,17 +1558,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1552,26 +1576,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1581,74 +1605,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1656,19 +1680,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1676,12 +1700,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1689,58 +1713,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1751,34 +1775,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+msgid "sudo_threshold (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1786,68 +1825,68 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1858,7 +1897,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1869,24 +1908,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1894,12 +1933,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1908,29 +1947,142 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+msgid "Session recording configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+msgid "These options can be used to configure session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+msgid "scope (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+msgid "Default: \"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+msgid "users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+msgid "Default: Empty. Matches no users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+msgid "groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -1939,14 +2091,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -1955,38 +2107,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1995,46 +2147,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2046,14 +2198,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2062,39 +2214,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2103,19 +2255,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2126,151 +2278,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2278,24 +2430,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2304,17 +2456,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2323,33 +2475,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2357,8 +2509,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2367,8 +2519,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2376,19 +2528,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2397,7 +2549,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2405,22 +2557,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2432,7 +2584,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2440,19 +2592,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2460,7 +2612,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2468,30 +2620,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2499,19 +2651,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2520,7 +2672,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2528,29 +2680,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2558,7 +2710,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2566,35 +2718,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2602,32 +2754,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2638,12 +2790,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2651,7 +2803,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2659,31 +2811,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2691,7 +2843,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2700,23 +2852,54 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+msgid "session_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2724,7 +2907,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2732,7 +2915,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2740,24 +2923,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2765,12 +2948,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2780,7 +2963,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2788,30 +2971,31 @@ msgid ""
 "user names:"
 msgstr ""
 
+# auto translated by TM merge from project: Fedora Websites, version: fedorahosted.org, DocId: po/fedorahosted
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
-msgstr ""
+msgstr "username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2819,7 +3003,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2827,137 +3011,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
+msgid ""
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2643
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -2965,7 +3157,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -2973,17 +3165,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -2991,34 +3183,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3026,32 +3218,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3061,34 +3253,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3096,12 +3288,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3109,7 +3301,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3117,29 +3309,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3147,12 +3339,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3161,12 +3353,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3174,19 +3366,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3203,7 +3395,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3211,17 +3403,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3230,18 +3422,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3261,12 +3452,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3274,73 +3465,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3348,17 +3539,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3367,17 +3558,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3385,17 +3576,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3403,86 +3594,85 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3512,14 +3702,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -3560,7 +3769,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr ""
 
@@ -3580,7 +3789,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
 
@@ -3777,10 +3986,11 @@ msgstr ""
 msgid "The two mechanisms currently supported are:"
 msgstr ""
 
+# auto translated by TM merge from project: FreeIPA, version: ipa-4-5, DocId: po/ipa
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:229
 msgid "password"
-msgstr ""
+msgstr "heslo"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:232
@@ -3860,7 +4070,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr ""
 
@@ -3938,7 +4148,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -3957,7 +4167,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -3967,14 +4177,14 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr ""
 
@@ -4369,8 +4579,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr ""
 
@@ -4457,130 +4667,163 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
+msgid "ldap_user_authorized_rhost (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:843
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+msgid "Default: rhost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
 msgid "Name of the LDAP attribute containing the X509 certificate of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:868
+msgid "Default: userCertificate;binary"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -4588,34 +4831,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4623,7 +4866,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -4633,7 +4876,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -4643,17 +4886,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -4661,14 +4904,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -4676,7 +4919,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4685,12 +4928,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -4698,168 +4941,168 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -4867,7 +5110,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -4875,12 +5118,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -4888,12 +5131,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4904,12 +5147,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -4918,12 +5161,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -4932,34 +5175,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4967,14 +5210,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -4982,17 +5225,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5002,12 +5245,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -5015,17 +5258,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5033,13 +5276,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -5048,7 +5291,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -5056,26 +5299,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5083,7 +5326,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5091,7 +5334,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -5099,41 +5342,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -5142,32 +5385,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5175,24 +5418,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5200,17 +5443,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -5221,29 +5464,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -5252,17 +5495,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -5270,49 +5513,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -5320,27 +5563,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5352,7 +5595,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5360,7 +5603,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -5368,39 +5611,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5410,7 +5653,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5418,26 +5661,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5445,7 +5688,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5453,31 +5696,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5486,56 +5729,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5551,12 +5794,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -5565,14 +5808,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -5581,24 +5824,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5606,19 +5849,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5627,7 +5870,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5635,7 +5878,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5644,7 +5887,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -5652,22 +5895,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5677,14 +5920,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5697,12 +5940,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5712,7 +5955,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5722,49 +5965,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -5773,74 +6030,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -5851,7 +6108,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -5859,24 +6116,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
-msgid "wildcart_limit (integer)"
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
+msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -5891,12 +6148,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5904,208 +6161,208 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -6113,101 +6370,101 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6216,111 +6473,111 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6329,56 +6586,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -6386,8 +6643,15 @@ msgid ""
 "\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6395,7 +6659,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6408,26 +6672,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6443,13 +6708,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6637,10 +6902,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:190
-#, fuzzy
-#| msgid "<option>-h</option>,<option>--help</option>"
 msgid "<option>prompt_always</option>"
-msgstr "<option>-h</option>,<option>--help</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:194
@@ -6952,9 +7215,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -7038,7 +7301,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -7415,7 +7678,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -7435,8 +7698,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7530,7 +7793,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7548,8 +7811,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -7568,9 +7831,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7583,7 +7846,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7603,7 +7866,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7719,7 +7982,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -7839,16 +8102,17 @@ msgstr ""
 #: sssd-ipa.5.xml:113
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -7858,14 +8122,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -7873,12 +8137,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -7886,7 +8150,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -7894,17 +8158,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -7913,7 +8177,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -7921,24 +8185,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -7946,22 +8210,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -7973,12 +8237,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -7986,234 +8250,276 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
+#: sssd-ipa.5.xml:311
+msgid "ipa_deskprofile_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
 msgstr ""
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:465
+msgid "ipa_deskprofile_refresh (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:468
 msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
 msgid "Default: 5 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:481
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+msgid "Default: 60 (minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:498
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -8221,192 +8527,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -8416,19 +8722,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -8436,7 +8742,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -8448,7 +8754,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8456,7 +8762,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -9344,10 +9650,10 @@ msgstr ""
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -9451,8 +9757,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr ""
 
@@ -9775,12 +10081,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -9963,19 +10269,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_override.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>volby</"
-"replaceable> </arg> <arg choice='plain'><replaceable>SKUPINA</replaceable></"
-"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:32
@@ -10044,12 +10342,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:94
-#, fuzzy
-#| msgid "<option>-h</option>,<option>--help</option>"
 msgid ""
 "<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
 "optional>"
-msgstr "<option>-h</option>,<option>--help</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:99
@@ -10216,10 +10512,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "COMMON OPTIONS"
-msgstr "VOLBY"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:263 sssctl.8.xml:52
@@ -11426,12 +11720,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:186
-#, fuzzy
-#| msgid "<option>-h</option>,<option>--help</option>"
 msgid ""
 "<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
 "replaceable>"
-msgstr "<option>-h</option>,<option>--help</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:191
@@ -11440,10 +11732,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:197
-#, fuzzy
-#| msgid "<option>-h</option>,<option>--help</option>"
 msgid "<option>-R</option>,<option>--sudo-rules</option>"
-msgstr "<option>-h</option>,<option>--help</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:201
@@ -11471,7 +11761,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -11485,14 +11775,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
@@ -11889,7 +12174,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr "VIZ TAKÉ"
 
@@ -12062,7 +12347,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -12074,10 +12359,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "IDMAP OPTIONS"
-msgstr "VOLBY"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: idmap_sss.8.xml:33
@@ -12091,11 +12374,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-msgid "EXAMPLES"
-msgstr ""
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
@@ -12127,19 +12405,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sssctl.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>volby</"
-"replaceable> </arg> <arg choice='plain'><replaceable>SKUPINA</replaceable></"
-"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssctl.8.xml:32
@@ -12269,20 +12539,53 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -12292,7 +12595,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -12307,7 +12610,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -12316,18 +12619,27 @@ msgid ""
 "there are some secrets-specific options as well."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -12335,141 +12647,190 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
+#: sssd-secrets.5.xml:204
 msgid "max_secrets (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:216
+msgid "max_uid_secrets (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-msgid "Default: 1024"
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-msgid "Default: 16"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -12477,12 +12838,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -12490,81 +12851,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -12572,12 +12933,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -12585,22 +12946,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -12615,19 +12976,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12637,19 +12998,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12659,7 +13020,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12669,19 +13030,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -12690,14 +13051,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12708,7 +13069,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12719,7 +13080,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -12728,12 +13089,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -12741,7 +13102,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12751,14 +13112,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -12766,26 +13127,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12795,19 +13156,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -12815,7 +13176,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -12845,7 +13206,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -12855,14 +13216,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -12873,7 +13234,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -12888,6 +13249,71 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+msgid "Configuring session recording with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+msgid "These options can be used to configure the session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
 msgid "sssd-kcm"
 msgstr ""
@@ -13004,7 +13430,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -13021,12 +13446,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -13037,7 +13471,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -13050,7 +13484,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -13060,28 +13494,408 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+msgid "sssd-systemtap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+msgid "probe $name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, no-wrap
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -13150,16 +13964,10 @@ msgstr ""
 
 #. type: Content of: <refentryinfo>
 #: include/upstream.xml:2
-#, fuzzy
-#| msgid ""
-#| "<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-#| "fedorahosted.org/sssd</orgname>"
 msgid ""
 "<productname>SSSD</productname> <orgname>The SSSD upstream - https://pagure."
 "io/SSSD/sssd/</orgname>"
 msgstr ""
-"<productname>SSSD</productname> <orgname>Vývojáři SSSD - http://fedorahosted."
-"org/sssd</orgname>"
 
 #. type: Content of: outside any tag (error?)
 #: include/upstream.xml:1
@@ -13237,6 +14045,67 @@ msgid ""
 "offline mode, and then attempts to reconnect every 30 seconds."
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+msgid "dns_resolver_op_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+msgid "dns_resolver_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -13816,34 +14685,37 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
 
 #. type: Content of: <listitem><para>
@@ -14134,42 +15006,37 @@ msgstr ""
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr ""
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
diff --git a/src/man/po/de.po b/src/man/po/de.po
index a60a70b7a..99520311d 100644
--- a/src/man/po/de.po
+++ b/src/man/po/de.po
@@ -8,9 +8,9 @@
 # Mario Blättermann <mario.blaettermann@gmail.com>, 2014
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
 "PO-Revision-Date: 2014-12-14 11:53-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: German (http://www.transifex.com/projects/p/sssd/language/"
@@ -32,7 +32,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr "SSSD-Handbuchseiten"
 
@@ -77,7 +78,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr "BESCHREIBUNG"
 
@@ -94,8 +96,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "OPTIONEN"
 
@@ -147,7 +149,8 @@ msgstr "sssd.conf"
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
 msgstr "5"
 
@@ -155,7 +158,8 @@ msgstr "5"
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr "Dateiformate und Konventionen"
 
@@ -295,10 +299,8 @@ msgstr "debug_level (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:112
-#, fuzzy
-#| msgid "debug_level (integer)"
 msgid "debug (integer)"
-msgstr "debug_level (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:115
@@ -322,11 +324,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Voreinstellung: »true«"
 
@@ -343,17 +345,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr "Voreinstellung: »false«"
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
 
@@ -369,22 +373,15 @@ msgstr "timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:162
-#, fuzzy
-#| msgid ""
-#| "Timeout in seconds between heartbeats for this service. This is used to "
-#| "ensure that the process is alive and capable of answering requests."
 msgid ""
 "Timeout in seconds between heartbeats for this service. This is used to "
 "ensure that the process is alive and capable of answering requests. Note "
 "that after three missed heartbeats the process will terminate itself."
 msgstr ""
-"Zeitüberschreitung in Sekunden zwischen Herzschlägen dieses Dienstes. Dies "
-"dient dazu, sicherzustellen, dass ein Prozess läuft und in der Lage ist, "
-"Anfragen zu beantworten."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "Voreinstellung: 10"
 
@@ -399,7 +396,7 @@ msgid "The [sssd] section"
 msgstr "Der Abschnitt [sssd]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr "Abschnittsparameter"
 
@@ -453,12 +450,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr "reconnection_retries (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
@@ -468,7 +465,7 @@ msgstr ""
 "startet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr "Voreinstellung: 3"
 
@@ -488,7 +485,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr "re_expression (Zeichenkette)"
 
@@ -504,28 +501,19 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:267
-#, fuzzy
-#| msgid ""
-#| "Each domain can have an individual regular expression configured. For "
-#| "some ID providers there are also default regular expressions.  See DOMAIN "
-#| "SECTIONS for more info on these regular expressions."
 msgid ""
 "Each domain can have an individual regular expression configured. For some "
 "ID providers there are also default regular expressions. See DOMAIN SECTIONS "
 "for more info on these regular expressions."
 msgstr ""
-"Für jede Domain kann ein individueller regulärer Ausdruck konfiguriert "
-"werden. Für einige ID-Anbieter gibt es auch voreingestellte reguläre "
-"Ausdrücke. Weitere Informationen über diese regulären Ausdrücke finden Sie "
-"unter DOMAIN-ABSCHNITTE."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr "full_name_format (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -537,32 +525,32 @@ msgstr ""
 "zusammengestellt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr "Benutzername"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr "Domain-Name, wie er durch die SSSD-Konfigurationsdatei angegeben wird"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
@@ -571,7 +559,7 @@ msgstr ""
 "direkt konfiguriert als auch über IPA-Trust"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -725,11 +713,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr "Voreinstellung: nicht gesetzt"
@@ -765,10 +753,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:448
-#, fuzzy
-#| msgid "re_expression (string)"
 msgid "certificate_verification (string)"
-msgstr "re_expression (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:456
@@ -829,12 +815,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:497
-#, fuzzy
-#| msgid "These options can be used to configure the InfoPipe responder."
 msgid "This option must be used together with ocsp_default_responder."
 msgstr ""
-"Diese Optionen können zur Konfiguration des InfoPipe-Responders verwendet "
-"werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:451
@@ -851,17 +833,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:507
-#, fuzzy
-#| msgid "Default: not set, i.e. service discovery is disabled"
 msgid "Default: not set, i.e. do not restrict certificate verification"
-msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:513
-#, fuzzy
-#| msgid "ldap_disable_paging (boolean)"
 msgid "disable_netlink (boolean)"
-msgstr "ldap_disable_paging (Boolesch)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:516
@@ -879,17 +857,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:526
-#, fuzzy
-#| msgid "Default: False (disabled)"
 msgid "Default: false (netlink changes are detected)"
-msgstr "Voreinstellung: False (deaktiviert)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:531
-#, fuzzy
-#| msgid "ad_enable_dns_sites (boolean)"
 msgid "enable_files_domain (boolean)"
-msgstr "ad_enable_dns_sites (Boolesch)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:534
@@ -914,8 +888,24 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr "Voreinstellung: Nicht gesetzt"
@@ -938,12 +928,12 @@ msgstr ""
 "verwendet. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr "DIENSTABSCHNITTE"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -956,22 +946,22 @@ msgstr ""
 "Abschnitt zum Beispiel <quote>[nss]</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr "Allgemeine Optionen zum Konfigurieren von Diensten"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr "Diese Optionen können zur Konfiguration jedes Dienstes benutzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -987,22 +977,17 @@ msgstr ""
 "Begrenzung in der »limit.conf« sein."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr "Voreinstellung: 8192 (oder die »harte« Begrenzung der »limit.conf«)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
-#, fuzzy
-#| msgid ""
-#| "This option specifies the number of seconds that a client of an SSSD "
-#| "process can hold onto a file descriptor without communicating on it. This "
-#| "value is limited in order to avoid resource exhaustion on the system."
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1010,24 +995,20 @@ msgid ""
 "can't be shorter than 10 seconds. If a lower value is configured, it will be "
 "adjusted to 10 seconds."
 msgstr ""
-"Diese Option gibt die Anzahl der Sekunden an, während der ein Client eines "
-"SSSD-Prozesses einen Dateideskriptor behalten kann, ohne damit zu "
-"kommunizieren. Dieser Wert wird begrenzt, um zu verhindern, dass Ressourcen "
-"des Systems blockiert werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr "Voreinstellung: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -1035,24 +1016,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -1060,14 +1041,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
-#, fuzzy
-#| msgid "client_idle_timeout"
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
-msgstr "client_idle_timeout"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1079,30 +1058,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr "Voreinstellung: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr "NSS-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1110,12 +1089,12 @@ msgstr ""
 "benutzt werden"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1124,17 +1103,17 @@ msgstr ""
 "über alle Nutzer) zwischenspeichern?"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr "Voreinstellung: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1146,7 +1125,7 @@ msgstr ""
 "werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1163,7 +1142,7 @@ msgstr ""
 "Zwischenspeicheraktualisierung zu warten."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1176,17 +1155,17 @@ msgstr ""
 "Sekunden senken. (0 schaltet diese Funktionalität aus.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr "Voreinstellung: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1198,64 +1177,43 @@ msgstr ""
 "Backend erneut gefragt wird)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr "Voreinstellung: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
-#, fuzzy
-#| msgid "autofs_negative_timeout (integer)"
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
-msgstr "autofs_negative_timeout (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
-#, fuzzy
-#| msgid ""
-#| "Specifies for how many seconds nss_sss should cache negative cache hits "
-#| "(that is, queries for invalid database entries, like nonexistent ones)  "
-#| "before asking the back end again."
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
-"gibt an, für wie viele Sekunden lang »nss_sss« negative "
-"Zwischenspeichertreffer zwischenspeichern soll (das heißt, Abfragen "
-"ungültiger Datenbankeinträge, wie solche, die nicht existieren), bevor das "
-"Backend erneut gefragt wird)."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Voreinstellung: 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
-#, fuzzy
-#| msgid ""
-#| "Exclude certain users from being fetched from the sss NSS database. This "
-#| "is particularly useful for system accounts. This option can also be set "
-#| "per-domain or include fully-qualified names to filter only users from the "
-#| "particular domain."
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
 "also be set per-domain or include fully-qualified names to filter only users "
 "from the particular domain."
 msgstr ""
-"schließt bestimmte Nutzer von der Abfrage aus der SSS-NSS-Datenbank aus, was "
-"insbesondere für Systemkonten nützlich ist. Diese Option kann auch pro "
-"Domain gesetzt werden oder voll qualifizierte Namen enthalten, um nur Nutzer "
-"von einer bestimmten Domain herauszufiltern."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1264,17 +1222,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr "Voreinstellung: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1282,12 +1240,12 @@ msgstr ""
 "setzen Sie diese Option auf »false«."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1296,7 +1254,7 @@ msgstr ""
 "es nicht explizit durch den Datenanbieter der Domain angegeben wurde."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1304,7 +1262,7 @@ msgstr ""
 "»override_homedir«."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1314,25 +1272,25 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Beispiel: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 "Voreinstellung: nicht gesetzt (kein Ersetzen nicht gesetzter Home-"
 "Verzeichnisse)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr "override_shell (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1343,19 +1301,19 @@ msgstr ""
 "entweder im Abschnitt [nss] oder für jede Domain gesetzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 "Voreinstellung: nicht gesetzt (SSSD wird den von LDAP erhaltenen Wert "
 "benutzen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1363,12 +1321,12 @@ msgstr ""
 "Reihenfolge der Auswertung ist:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr "1. Falls die Shell in »/etc/shells« vorhanden ist, wird sie benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1377,7 +1335,7 @@ msgstr ""
 "shells« steht, wird der Wert des Parameters »shell_fallback« verwendet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1386,12 +1344,12 @@ msgstr ""
 "steht, wird eine Nicht-Login-Shell benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1399,13 +1357,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 "Eine leere Zeichenkette als Shell wird, so wie sie ist, an Libc übergeben."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1414,28 +1372,28 @@ msgstr ""
 "Fall einer neu installierten Shell ein Neustart von SSSD nötig ist."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 "Voreinstellung: nicht gesetzt. Die Benutzer-Shell wird automatisch verwendet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr "ersetzt jedwede Instanz dieser Shells durch die aus »shell_fallback«."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1443,17 +1401,17 @@ msgstr ""
 "auf dem Rechner installiert ist."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr "Voreinstellung: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
@@ -1463,7 +1421,7 @@ msgstr ""
 "jede Domain gesetzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
@@ -1473,12 +1431,12 @@ msgstr ""
 "Vernünftiges, üblicherweise /bin/sh, ersetzt.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
@@ -1487,44 +1445,31 @@ msgstr ""
 "gültig erachtet wird."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr "memcache_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
-#, fuzzy
-#| msgid ""
-#| "Specifies time in seconds for which records in the in-memory cache will "
-#| "be valid"
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
-"gibt die Zeit in Sekunden an, in denen Datensätze im speicherinternen "
-"Zwischenspeicher als gültig erachtet werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
-#, fuzzy
-#| msgid ""
-#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
-#| "applications will not use the fast in memory cache."
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
-"Falls die Umgebungsvariable SSS_NSS_USE_MEMCACHE auf »NO« gesetzt ist, "
-"nutzen Client-Anwendungen den schnellen speicherinternen Zwischenspeicher "
-"nicht."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr "user_attributes (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1535,50 +1480,48 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
-msgstr "skel_dir (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr "Diese Option kann auch pro Domain gesetzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr "PAM-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -1587,12 +1530,12 @@ msgstr ""
 "Authentication Module« (PAM) einzurichten."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -1602,17 +1545,17 @@ msgstr ""
 "erfolgreichen Anmeldung)?"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr "Voreinstellung: 0 (unbegrenzt)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -1621,12 +1564,12 @@ msgstr ""
 "Authentifizierungsanbieter offline ist?"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -1636,7 +1579,7 @@ msgstr ""
 "Anmeldeversuch möglich ist."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1648,17 +1591,17 @@ msgstr ""
 "Authentifizierung reaktivieren."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr "Voreinstellung: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -1667,114 +1610,106 @@ msgstr ""
 "angezeigt werden. Je höher die Zahl, desto mehr Nachrichten werden angezeigt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr "Derzeit unterstützt SSSD folgende Werte:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: keine Nachricht anzeigen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: nur wichtige Nachrichten anzeigen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: nur informative Nachrichten anzeigen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis>: alle Nachrichten und Debug-Informationen anzeigen"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Voreinstellung: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
-#, fuzzy
-#| msgid "pam_verbosity (integer)"
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
-msgstr "pam_verbosity (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
-"Die folgenden Erweiterungen werden unterstützt: <placeholder type="
-"\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1786,7 +1721,7 @@ msgstr ""
 "den neusten Informationen erfolgt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1800,17 +1735,17 @@ msgstr ""
 "viele Abfragen der Identitätsanbieter zu vermeiden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr "zeigt N Tage vor Ablauf des Passworts eine Warnung an."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1821,7 +1756,7 @@ msgstr ""
 "SSSD keine Warnung anzeigen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
@@ -1831,7 +1766,7 @@ msgstr ""
 "automatisch angezeigt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
@@ -1840,17 +1775,12 @@ msgstr ""
 "emphasis> für eine bestimmte Domain außer Kraft gesetzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
-#, fuzzy
-#| msgid ""
-#| "Specifies the comma-separated list of UID values or user names that are "
-#| "allowed to access the InfoPipe responder. User names are resolved to UIDs "
-#| "at startup."
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1858,79 +1788,76 @@ msgid ""
 "<quote>pam_public_domains</quote>.  User names are resolved to UIDs at "
 "startup."
 msgstr ""
-"Gibt eine durch Kommata getrennte Liste der Benutzer-ID-Werte oder "
-"Benutzernamen an, denen der Zugriff auf den InfoPipe-Responder erlaubt ist. "
-"Benutzernamen werden beim Start in Benutzer-IDs aufgelöst."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr "Voreinstellung: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1938,21 +1865,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
-#, fuzzy
-#| msgid "ldap_ns_account_lock (string)"
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
-msgstr "ldap_ns_account_lock (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1960,14 +1885,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
-#, fuzzy
-#| msgid "enumerate (bool)"
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
-msgstr "enumerate (Boolesch)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1975,64 +1898,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr "Voreinstellung: False"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
-#, fuzzy
-#| msgid "ipa_hbac_search_base (string)"
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
-msgstr "ipa_hbac_search_base (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
-msgstr "pam_id_timeout (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
-#, fuzzy
-#| msgid "ldap_service_name (string)"
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
-msgstr "ldap_service_name (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr "Sudo-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2050,12 +1967,12 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -2064,24 +1981,41 @@ msgstr ""
 "zeitabhängige »sudoers«-Einträge implementieren, ausgewertet werden oder "
 "nicht."
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+#, fuzzy
+#| msgid "ldap_deref_threshold (integer)"
+msgid "sudo_threshold (integer)"
+msgstr "ldap_deref_threshold (Ganzzahl)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr "AUTOFS-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 "Diese Optionen können zum Konfigurieren des Dienstes »autofs« benutzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2092,23 +2026,23 @@ msgstr ""
 "nicht existierende), bevor das Backend erneut befragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr "SSH-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 "Diese Optionen können zum Konfigurieren des SSH-Dienstes benutzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
@@ -2117,12 +2051,12 @@ msgstr ""
 "»known_hosts« zusammengemischt werden oder nicht."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
@@ -2131,47 +2065,34 @@ msgstr ""
 "»known_hosts« behalten wird, bevor seine Rechnerschlüssel abgefragt werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr "Voreinstellung: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
-#, fuzzy
-#| msgid "mail_dir (string)"
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
-msgstr "mail_dir (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
-#, fuzzy
-#| msgid "Default: /etc/krb5.keytab"
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
-msgstr "Voreinstellung: /etc/krb5.keytab"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr "PAC-Responder-Konfigurationsoptionen"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
-#, fuzzy
-#| msgid ""
-#| "The PAC responder works together with the authorization data plugin for "
-#| "MIT Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin "
-#| "sends the PAC data during a GSSAPI authentication to the PAC responder. "
-#| "The sub-domain provider collects domain SID and ID ranges of the domain "
-#| "the client is joined to and of remote trusted domains from the local "
-#| "domain controller.  If the PAC is decoded and evaluated some of the "
-#| "following operations are done:"
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2180,24 +2101,9 @@ msgid ""
 "joined to and of remote trusted domains from the local domain controller. If "
 "the PAC is decoded and evaluated some of the following operations are done:"
 msgstr ""
-"Der PAC-Responder arbeitet mit der Autorisierungsdatenerweiterung für "
-"»sssd_pac_plugin.so« von MIT Kerberos und einem Subdomain-Anbieter. Die "
-"Erweiterung sendet die PAC-Daten während einer GSSAPI-Authentifizierung an "
-"den PAC-Responder. Der Subdomain-Anbieter sammelt die SID- und ID-Bereiche "
-"der Domain, zu der der Client gehört, und die fernen vertrauenswürdigen "
-"Domains vom lokalen Domain-Controller. Falls der PAC entschlüsselt und "
-"ausgewertet wurde, werden einige der folgenden Transaktionen durchgeführt:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
-#, fuzzy
-#| msgid ""
-#| "If the remote user does not exist in the cache, it is created. The uid is "
-#| "determined with the help of the SID, trusted domains will have UPGs and "
-#| "the gid will have the same value as the uid. The home directory is set "
-#| "based on the subdomain_homedir parameter. The shell will be empty by "
-#| "default, i.e. the system defaults are used, but can be overwritten with "
-#| "the default_shell parameter."
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2206,16 +2112,9 @@ msgid ""
 "the system defaults are used, but can be overwritten with the default_shell "
 "parameter."
 msgstr ""
-"Falls der ferne Benutzer nicht im Zwischenspeicher existiert, wird er "
-"erstellt. Die UID wird mithilfe der SID bestimmt, vertrauenswürdige Domains "
-"werden UPGs und GID denselben Wert wie die UID haben. Das Home-Verzeichnis "
-"wird auf Basis des Parameters »subdomain_homedir« gesetzt. Die Shell wird "
-"standardmäßig leer sein, d.h. die Voreinstellungen des Systems werden "
-"benutzt, können jedoch mit dem Parameter »default_shell« überschrieben "
-"werden."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
@@ -2224,18 +2123,18 @@ msgstr ""
 "diesen Gruppen hinzugefügt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 "Diese Optionen können zur Konfiguration des PAC-Responders verwendet werden."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2246,14 +2145,14 @@ msgstr ""
 "beim Starten zu UIDs aufgelöst."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 "Voreinstellung: 0 (Nur dem Benutzer Root ist der Zugriff auf den PAC-"
 "Responder gestattet.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2266,33 +2165,186 @@ msgstr ""
 "der Liste der erlaubten UIDs auch die 0 hinzufügen."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
-msgstr "pam_id_timeout (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+#, fuzzy
+#| msgid "PAC responder configuration options"
+msgid "Session recording configuration options"
+msgstr "PAC-Responder-Konfigurationsoptionen"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of the AD provider for "
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
+#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page."
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+"Diese Handbuchseite beschreibt die Konfiguration des AD-Anbieters für "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt "
+"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure session recording."
+msgstr "Diese Optionen können zur Konfiguration jedes Dienstes benutzt werden."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+#, fuzzy
+#| msgid "sudo_provider (string)"
+msgid "scope (string)"
+msgstr "sudo_provider (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+#, fuzzy
+#| msgid "none"
+msgid "\"none\""
+msgstr "none"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+#, fuzzy
+#| msgid ""
+#| "Append this user to groups specified by the <replaceable>GROUPS</"
+#| "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter "
+#| "is a comma separated list of group names."
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+"hängt diesen Benutzer an die Gruppen an, die durch den Parameter "
+"<replaceable>GRUPPEN</replaceable> angegeben werden. Der Parameter "
+"<replaceable>GRUPPEN</replaceable> ist eine durch Kommata getrennte Liste "
+"von Gruppennamen."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+#, fuzzy
+#| msgid ""
+#| "The following expansions are supported: <placeholder type=\"variablelist"
+#| "\" id=\"0\"/>"
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+"Die folgenden Erweiterungen werden unterstützt: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+#, fuzzy
+#| msgid "Default: none"
+msgid "Default: \"none\""
+msgstr "Voreinstellung: none"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+#, fuzzy
+#| msgid "skel_dir (string)"
+msgid "users (string)"
+msgstr "skel_dir (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+#, fuzzy
+#| msgid "Default: empty, i.e. ldap_uri is used."
+msgid "Default: Empty. Matches no users."
+msgstr "Voreinstellung: leer, d.h., dass »ldap_uri« benutzt wird"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+#, fuzzy
+#| msgid "ldap_group_name (string)"
+msgid "groups (string)"
+msgstr "ldap_group_name (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr "DOMAIN-ABSCHNITTE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
-#, fuzzy
-#| msgid "ad_domain (string)"
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
-msgstr "ad_domain (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2301,57 +2353,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
-#, fuzzy
-#| msgid ""
-#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page for more details."
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
 "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>) and the PAM responder."
 msgstr ""
-"Weitere Einzelheiten finden Sie in der Handbuchseite <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> beim Parameter »dns_discovery_domain«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
-#, fuzzy
-#| msgid "Default: posixGroup"
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
-msgstr "Voreinstellung: posixGroup"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -2360,7 +2402,7 @@ msgstr ""
 "enthält, der jenseits dieser Beschränkungen liegt, wird er ignoriert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2373,7 +2415,7 @@ msgstr ""
 "werden jene, die im Bereich liegen, wie erwartet gemeldet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
@@ -2382,17 +2424,17 @@ msgstr ""
 "den Zwischenspeicher und nicht nur ihre Rückgabe über Name oder ID."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Voreinstellung: 1 für »min_id«, 0 (keine Beschränkung) für »max_id«"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr "enumerate (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
@@ -2401,22 +2443,22 @@ msgstr ""
 "der folgenden Werte haben:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = Benutzer und Gruppen werden aufgezählt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = keine Aufzählungen für diese Domain"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr "Voreinstellung: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2436,7 +2478,7 @@ msgstr ""
 "die Mitgliedschaften neu berechnet werden müssen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -2446,7 +2488,7 @@ msgstr ""
 "Ergebnisse zurück."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2461,7 +2503,7 @@ msgstr ""
 "benutzten »id_provider«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
@@ -2470,32 +2512,32 @@ msgstr ""
 "insbesondere in großen Umgebungen, nicht empfohlen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr "subdomain_enumerate (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr "all"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr "Alle entdeckten vertrauenswürdigen Domains werden aufgezählt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr "none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr "Keine der entdeckten vertrauenswürdigen Domains wird aufgezählt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2509,12 +2551,12 @@ msgstr ""
 "Domains aktivieren."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -2523,7 +2565,7 @@ msgstr ""
 "soll, bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2541,17 +2583,17 @@ msgstr ""
 "wurden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr "Voreinstellung: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -2560,19 +2602,19 @@ msgstr ""
 "betrachten soll, bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr "Voreinstellung: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -2581,12 +2623,12 @@ msgstr ""
 "betrachten soll, bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -2595,12 +2637,12 @@ msgstr ""
 "betrachten soll, bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -2609,12 +2651,12 @@ msgstr ""
 "betrachten soll, bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
@@ -2623,12 +2665,12 @@ msgstr ""
 "bevor das Backend erneut abgefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
@@ -2638,24 +2680,24 @@ msgstr ""
 "wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
@@ -2665,49 +2707,49 @@ msgstr ""
 "abgelaufenen oder beinahe abgelaufenen Daten aktualisiert werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 "Sie können in Betracht ziehen, diesen Wert auf 3/4 * entry_cache_timeout zu "
 "setzen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr "Voreinstellung: 0 (deaktiviert)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 "bestimmt, ob auch Benutzerberechtigungen im lokalen LDB-Zwischenspeicher "
 "zwischengespeichert werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 "Benutzerberechtigungen werden in einem SHA512-Hash, nicht im Klartext "
 "gespeichert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2715,24 +2757,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2745,17 +2787,17 @@ msgstr ""
 "Parameters muss größer oder gleich »offline_credentials_expiration« sein."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr "Voreinstellung: 0 (unbegrenzt)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2768,17 +2810,17 @@ msgstr ""
 "Authentifizierungsanbieter konfiguriert werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "Voreinstellung: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr "id_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -2786,17 +2828,17 @@ msgstr ""
 "werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr "»proxy«: unterstützt einen veralteten NSS-Anbieter."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr "»local«: SSSDs interner Anbieter für lokale Benutzer"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2807,8 +2849,8 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2821,8 +2863,8 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2834,12 +2876,12 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -2849,7 +2891,7 @@ msgstr ""
 "Benutzers, der an NSS gemeldet wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2863,7 +2905,7 @@ msgstr ""
 "test@LOCAL</command> würde ihn hingegen finden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2875,22 +2917,22 @@ msgstr ""
 "nicht voll qualifizierter Name angefragt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr "gibt beim Nachschlagen der Gruppe nicht die Gruppenmitglieder zurück."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2902,7 +2944,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2910,12 +2952,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr "auth_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -2924,7 +2966,7 @@ msgstr ""
 "Authentifizierungsanbieter werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2935,7 +2977,7 @@ msgstr ""
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2947,19 +2989,19 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 "»proxy« zur Weitergabe der Authentifizierung an irgendein anderes PAM-Ziel"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "»none« deaktiviert explizit die Authentifizierung."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -2968,12 +3010,12 @@ msgstr ""
 "mit Authentifizierungsanfragen umgehen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr "access_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2984,7 +3026,7 @@ msgstr ""
 "Backends enthalten sind). Interne Spezialanbieter sind:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -2993,12 +3035,12 @@ msgstr ""
 "für eine lokale Domain."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr "»deny« verweigert dem Zugriff immer."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3011,44 +3053,30 @@ msgstr ""
 "simple</refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
-#, fuzzy
-#| msgid ""
-#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> for more information on configuring Kerberos."
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
 "citerefentry> for more information on configuring Kerberos."
 msgstr ""
-"»krb5« für Kerberos-Authentifizierung. Weitere Informationen über die "
-"Konfiguration von Kerberos finden Sie unter <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
-#, fuzzy
-#| msgid ""
-#| "<quote>proxy</quote> for relaying password changes to some other PAM "
-#| "target."
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
-"»proxy« zur Weitergabe der Passwortänderung an irgendein anderes PAM-Ziel"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr "Voreinstellung: »permit«"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -3057,24 +3085,15 @@ msgstr ""
 "Folgende Anbieter von Passwortänderungen werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
-#, fuzzy
-#| msgid ""
-#| "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring LDAP."
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> for more information on configuring LDAP."
 msgstr ""
-"»ldap« zum Ändern eines auf einem LDAP-Server gespeicherten Passworts. "
-"Weitere Informationen über die Konfiguration von LDAP finden Sie unter "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3086,19 +3105,19 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 "»proxy« zur Weitergabe der Passwortänderung an irgendein anderes PAM-Ziel"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr "»none« verbietet explizit Passwortänderungen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -3107,19 +3126,19 @@ msgstr ""
 "kann mit Passwortänderungsanfragen umgehen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "der für diese Domain benutzte Sudo-Anbieter. Folgende Sudo-Anbieter werden "
 "unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3130,7 +3149,7 @@ msgstr ""
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
@@ -3139,7 +3158,7 @@ msgstr ""
 "Vorgabeeinstellungen für IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
@@ -3148,19 +3167,19 @@ msgstr ""
 "Vorgabeeinstellungen für AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "»none« deaktiviert explizit Sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 "Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3177,12 +3196,12 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3193,7 +3212,7 @@ msgstr ""
 "Zugriffsanbieter beendet hat. Folgende SELinux-Anbieter werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3205,12 +3224,12 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr "»none« verbietet explizit das Abholen von SELinux-Einstellungen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
@@ -3219,12 +3238,12 @@ msgstr ""
 "kann SELinux-Ladeanfragen handhaben."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
@@ -3234,7 +3253,7 @@ msgstr ""
 "werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3246,7 +3265,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3255,17 +3274,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr "»none« deaktiviert explizit das Abholen von Subdomains."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+#, fuzzy
+#| msgid "selinux_provider (string)"
+msgid "session_provider (string)"
+msgstr "selinux_provider (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+#, fuzzy
+#| msgid ""
+#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
+#| "selinux loading requests."
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+"Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt. Er "
+"kann SELinux-Ladeanfragen handhaben."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -3273,7 +3331,7 @@ msgstr ""
 "»autofs« werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3285,7 +3343,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3297,34 +3355,25 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
-#, fuzzy
-#| msgid ""
-#| "<quote>ipa</quote> to load maps stored in an IPA server. See "
-#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring IPA."
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> for more information on configuring the AD provider."
 msgstr ""
-"»ipa«, um auf einem IPA-Server gespeicherte Abbilder zu laden. Weitere "
-"Informationen über die Konfiguration von IPA finden Sie unter <citerefentry> "
-"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "»none« deaktiviert explizit »autofs«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -3333,7 +3382,7 @@ msgstr ""
 "wird. Folgende Anbieter von »hostid« werden unterstützt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3345,12 +3394,12 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "»none« deaktiviert explizit »hostid«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3365,7 +3414,7 @@ msgstr ""
 "(NetBIOS-) Namen der Domain entsprechen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3377,22 +3426,22 @@ msgstr ""
 "P&lt;Name&gt;[^@\\\\]+)$))« "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr "Benutzername"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr "Benutzername@Domain.Name"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr "Domain\\Benutzername"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
@@ -3402,7 +3451,7 @@ msgstr ""
 "Windows-Domains zu ermöglichen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3412,7 +3461,7 @@ msgstr ""
 "bedeutet »der Name ist alles bis zum »@«-Zeichen, die Domain alles danach«"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3424,7 +3473,7 @@ msgstr ""
 "eindeutig benannte Musterteile unterstützen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
@@ -3433,17 +3482,17 @@ msgstr ""
 "Beschriftungsmusterteile nur die Python-Syntax (?P&lt;Name&gt;)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Voreinstellung: »%1$s@%2$s«"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -3451,50 +3500,56 @@ msgstr ""
 "ermöglicht es, die bei DNS-Abfragen zu bevorzugende Adressfamilie zu wählen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr "unterstützte Werte:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 "ipv4_first: versucht die IPv4- und, falls dies fehlschlägt, die IPv6-Adresse "
 "nachzuschlagen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr "ipv4_only: versucht, nur Rechnernamen zu IPv4-Adressen aufzulösen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 "ipv6_first: versucht die IPv6- und, falls dies fehlschlägt, die IPv4-Adresse "
 "nachzuschlagen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr "ipv6_only: versucht, nur Rechnernamen zu IPv6-Adressen aufzulösen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr "Voreinstellung: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
+#, fuzzy
+#| msgid ""
+#| "Defines the amount of time (in seconds) to wait for a reply from the DNS "
+#| "resolver before assuming that it is unreachable. If this timeout is "
+#| "reached, the domain will continue to operate in offline mode."
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
 msgstr ""
 "definiert die Zeit (in Sekunden), die auf eine Antwort vom DNS-Resolver "
 "gewartet werden soll, bevor davon ausgegangen wird, dass er nicht erreichbar "
@@ -3502,18 +3557,25 @@ msgstr ""
 "Offline-Modus arbeiten."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2643
+msgid ""
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "Voreinstellung: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -3522,52 +3584,52 @@ msgstr ""
 "DNS-Dienstabfrage an."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr "Voreinstellung: Der Domain-Teil des Rechnernamens wird benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr "override_gid (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr "überschreibt die Haupt-GID mit der angegebenen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3575,7 +3637,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3583,17 +3645,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3601,34 +3663,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3636,34 +3698,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
-#, fuzzy
-#| msgid "This option is not available in IPA provider."
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
-msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr "flacher (NetBIOS-) Name einer Subdomain"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3678,7 +3738,7 @@ msgstr ""
 "verwendet werden.  <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
@@ -3686,17 +3746,17 @@ msgstr ""
 "überschrieben werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "Voreinstellung: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
@@ -3704,14 +3764,12 @@ msgstr ""
 "Kennzeichnungen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
-#, fuzzy
-#| msgid "memcache_timeout (int)"
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
-msgstr "memcache_timeout (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3719,12 +3777,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3732,7 +3790,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3744,17 +3802,17 @@ msgstr ""
 "\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr "das Proxy-Ziel, an das PAM weiterleitet"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
@@ -3764,12 +3822,12 @@ msgstr ""
 "hinzufügen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3780,12 +3838,12 @@ msgstr ""
 "$(libName)_$(function)«, zum Beispiel »_nss_files_getpwent«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3799,14 +3857,12 @@ msgstr ""
 "veranlassen, die ID im Zwischenspeicher nachzuschlagen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
-#, fuzzy
-#| msgid "min_id,max_id (integer)"
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
-msgstr "min_id,max_id (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3814,7 +3870,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
@@ -3823,12 +3879,12 @@ msgstr ""
 "\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3845,7 +3901,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3853,21 +3909,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
-#, fuzzy
-#| msgid "Section parameters"
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
-msgstr "Abschnittsparameter"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
-msgstr "full_name_format (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3876,18 +3928,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3907,12 +3958,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr "Der Abschnitt lokale Domain"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3923,29 +3974,29 @@ msgstr ""
 "<replaceable>ID_Anbieter=lokal</replaceable> benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr "default_shell (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 "die Standard-Shell für Anwender, die mit den SSSD-Werkzeugen für den "
 "Benutzerbereich erstellt wurde."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Voreinstellung: <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr "base_directory (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
@@ -3954,17 +4005,17 @@ msgstr ""
 "replaceable> und benutzen dies als Home-Verzeichnis."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr "Voreinstellung: <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr "create_homedir (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
@@ -3973,17 +4024,17 @@ msgstr ""
 "werden soll; kann auf der Befehlszeile überschrieben werden"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr "Voreinstellung: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
@@ -3992,12 +4043,12 @@ msgstr ""
 "entfernt werden soll; kann auf der Befehlszeile überschrieben werden"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -4008,17 +4059,17 @@ msgstr ""
 "Standardzugriffsrechte für ein neu erstelltes Home-Verzeichnis anzugeben."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr "Voreinstellung: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr "skel_dir (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -4031,17 +4082,17 @@ msgstr ""
 "<manvolnum>8</manvolnum> </citerefentry> erstellt wird"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Voreinstellung: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr "mail_dir (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -4052,17 +4103,17 @@ msgstr ""
 "wurde. Ist dies nicht angegeben wird ein Standardwert verwendet."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Voreinstellung: <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -4074,102 +4125,85 @@ msgstr ""
 "berücksichtigt."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr "Voreinstellung: keine, es wird kein Befehl ausgeführt"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
-#, fuzzy
-#| msgid "DOMAIN SECTIONS"
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
-msgstr "DOMAIN-ABSCHNITTE"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
-#, fuzzy
-#| msgid "ldap_search_base (string)"
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
-msgstr "ldap_search_base (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
-#, fuzzy
-#| msgid "ldap_user_search_base (string)"
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
-msgstr "ldap_user_search_base (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
-#, fuzzy
-#| msgid "ldap_group_search_base (string)"
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
-msgstr "ldap_group_search_base (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
-#, fuzzy
-#| msgid "ldap_netgroup_search_base (string)"
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
-msgstr "ldap_netgroup_search_base (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
-#, fuzzy
-#| msgid "ldap_service_search_base (string)"
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
-msgstr "ldap_service_search_base (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
-#, fuzzy
-#| msgid "ad_server, ad_backup_server (string)"
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
-msgstr "ad_server, ad_backup_server (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
-#, fuzzy
-#| msgid "use_fully_qualified_names (bool)"
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
-msgstr "use_fully_qualified_names (Boolesch)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
-msgstr "BEISPIEL"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4223,9 +4257,15 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
+#, fuzzy
+#| msgid ""
+#| "The following example shows a typical SSSD config. It does not describe "
+#| "configuration of the domains themselves - refer to documentation on "
+#| "configuring domains for more details.  <placeholder type=\"programlisting"
+#| "\" id=\"0\"/>"
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
@@ -4235,6 +4275,25 @@ msgstr ""
 "in der Dokumentation zum Konfigurieren von Domains. <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -4289,7 +4348,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr "KONFIGURATIONSOPTIONEN"
 
@@ -4314,7 +4373,7 @@ msgstr ""
 "aktiviert. Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
 "Das Format der URI muss dem in RFC 2732 definierten Format entsprechen:"
@@ -4641,16 +4700,14 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgstr "das LDAP-Attribut, das zu der Hauptgruppen-ID des Benutzers gehört"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr "Voreinstellung: gidNumber"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:303
-#, fuzzy
-#| msgid "ldap_user_principal (string)"
 msgid "ldap_user_primary_group (string)"
-msgstr "ldap_user_principal (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:306
@@ -4724,7 +4781,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -4745,7 +4802,7 @@ msgstr ""
 "Dies wird normalerweise nur für Active-Directory-Server benötigt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -4755,7 +4812,7 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr "ldap_user_modify_timestamp (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
@@ -4764,7 +4821,7 @@ msgstr ""
 "übergeordneten Objekt enthält"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr "Voreinstellung: modifyTimestamp"
 
@@ -5232,8 +5289,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr "das LDAP-Attribut, das dem vollständigen Benutzernamen entspricht"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr "Voreinstellung: cn"
 
@@ -5337,112 +5394,167 @@ msgstr "Voreinstellung: host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
-msgstr ""
+#, fuzzy
+#| msgid "ldap_user_authorized_host (string)"
+msgid "ldap_user_authorized_rhost (string)"
+msgstr "ldap_user_authorized_host (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
-msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+#, fuzzy
+#| msgid ""
+#| "If access_provider=ldap and ldap_access_order=host, SSSD will use the "
+#| "presence of the host attribute in the user's LDAP entry to determine "
+#| "access privilege."
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
 msgstr ""
+"Falls »access_provider=ldap« und »ldap_access_order=host« benutzt werden, "
+"wird SSSD die Anwesenheit das Attributs »host« im LDAP-Eintrag den Benutzers "
+"verwenden, um die Zugriffsrechte zu bestimmen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:843
+#, fuzzy
+#| msgid ""
+#| "An explicit deny (!host) is resolved first. Second, SSSD searches for "
+#| "explicit allow (host) and finally for allow_all (*)."
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
 msgstr ""
+"Ein explizites Verweigern (»!host«) wird zuerst aufgelöst. Als Zweites sucht "
+"SSSD eine explizite Erlaubnis (»host«) und zuletzt nach »allow_all« (*)."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+#, fuzzy
+#| msgid ""
+#| "Please note that the ldap_access_order configuration option "
+#| "<emphasis>must</emphasis> include <quote>host</quote> in order for the "
+#| "ldap_user_authorized_host option to work."
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+"Bitte beachten Sie, dass die Konfigurationsoption »ldap_access_order« »host« "
+"enthalten <emphasis>muss</emphasis>, damit die Option "
+"»ldap_user_authorized_host« funktioniert."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+#, fuzzy
+#| msgid "Default: host"
+msgid "Default: rhost"
+msgstr "Voreinstellung: host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:868
 #, fuzzy
-#| msgid "ldap_user_shell (string)"
+#| msgid "Default: filter"
+msgid "Default: userCertificate;binary"
+msgstr "Voreinstellung: filter"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
-msgstr "ldap_user_shell (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
-#, fuzzy
-#| msgid "The LDAP attribute that contains the names of the group's members."
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
-msgstr "das LDAP-Attribut, das die Namen der Gruppenmitglieder enthält"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-#, fuzzy
-#| msgid "Default: false"
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
-msgstr "Voreinstellung: »false«"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr "ldap_group_object_class (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr "die Objektklasse eines Gruppeneintrags in LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr "Voreinstellung: posixGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr "ldap_group_name (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr "das LDAP-Attribut, das dem Gruppennamen entspricht"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr "ldap_group_gid_number (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr "das LDAP-Attribut, das der Gruppen-ID entspricht"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr "ldap_group_member (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr "das LDAP-Attribut, das die Namen der Gruppenmitglieder enthält"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr "Voreinstellung: memberuid (rfc2307) / member (rfc2307bis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr "ldap_group_objectsid (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
@@ -5451,17 +5563,17 @@ msgstr ""
 "wird normalerweise nur für Active-Directory-Server benötigt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr "ldap_group_modify_timestamp (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr "ldap_group_type (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
@@ -5470,7 +5582,7 @@ msgstr ""
 "eventuell weitere Flags enthält."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -5481,40 +5593,34 @@ msgstr ""
 "Domains herausgefiltert werden sollte."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
-#, fuzzy
-#| msgid "Default: groupType in the AD provider, othewise not set"
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
-msgstr "Voreinstellung: groupType im AD-Anbieter, anderenfalls nicht gesetzt"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
-#, fuzzy
-#| msgid "ldap_group_member (string)"
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
-msgstr "ldap_group_member (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
-#, fuzzy
-#| msgid "Default: groupType in the AD provider, othewise not set"
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
-msgstr "Voreinstellung: groupType im AD-Anbieter, anderenfalls nicht gesetzt"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr "ldap_group_nesting_level (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -5526,7 +5632,7 @@ msgstr ""
 "das Schema RFC2307."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -5543,13 +5649,7 @@ msgstr ""
 "erfolgt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-#, fuzzy
-#| msgid ""
-#| "If ldap_group_nesting_level is set to 0 then no nested groups are "
-#| "processed at all. However, when connected to Active-Directory Server 2008 "
-#| "and later it is furthermore required to disable usage of Token-Groups by "
-#| "setting ldap_use_tokengroups to false."
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -5557,24 +5657,19 @@ msgid ""
 "usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
 "restrict group nesting."
 msgstr ""
-"Falls ldap_group_nesting_level auf 0 gesetzt ist, werden überhaupt keine "
-"verschachtelten Gruppen verarbeitet. Es ist außerdem notwendig, für den "
-"Active Directory Server 2008 und neuere Versionen die Verwendung von Token-"
-"Gruppen zu deaktivieren, indem der boolesche Wert von ldap_use_tokengroups "
-"auf »falsch« gesetzt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr "Voreinstellung: 2"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr "ldap_groups_use_matching_rule_in_chain"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -5586,7 +5681,7 @@ msgstr ""
 "beschleunigen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
@@ -5596,7 +5691,7 @@ msgstr ""
 "Leistungssteigerung."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -5607,7 +5702,7 @@ msgstr ""
 "»True« eigentlich »auto-detect«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -5620,12 +5715,12 @@ msgstr ""
 "aa746475%28v=vs.85%29.aspx\"> MSDN™-Dokumentation</ulink>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr "ldap_initgroups_use_matching_rule_in_chain"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -5637,7 +5732,7 @@ msgstr ""
 "verschachtelten Gruppen)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
@@ -5647,76 +5742,76 @@ msgstr ""
 "und neuere Versionen ausgeführt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr "ldap_netgroup_object_class (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr "die Objektklasse eines Netzgruppeneintrags in LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
 "Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_object_class« benutzt "
 "werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr "Voreinstellung: nisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr "ldap_netgroup_name (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr "das LDAP-Attribut, das dem Netzgruppennamen entspricht"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr ""
 "Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_name« benutzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr "ldap_netgroup_member (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr "das LDAP-Attribut, das die Namen der Netzgruppenmitglieder enthält"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
 "Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_member« benutzt werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr "Voreinstellung: memberNisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr "ldap_netgroup_triple (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
@@ -5724,42 +5819,42 @@ msgstr ""
 "enthält"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr "Voreinstellung: nisNetgroupTriple"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr "ldap_netgroup_modify_timestamp (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr "ldap_service_object_class (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr "die Objektklasse eines Diensteintrags in LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr "Voreinstellung: ipService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr "ldap_service_name (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
@@ -5767,49 +5862,49 @@ msgstr ""
 "das LDAP-Attribut, das die Namen von Dienstattributen und ihre Alias enthält"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr "ldap_service_port (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr "das LDAP-Attribut, das den von diesem Dienst verwalteten Port enthält"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr "Voreinstellung: ipServicePort"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr "ldap_service_proto (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr ""
 "das LDAP-Attribut, das die von diesem Dienst verstandenen Protokolle enthält"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr "Voreinstellung: ipServiceProtocol"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr "ldap_service_search_base (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr "ldap_search_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -5820,7 +5915,7 @@ msgstr ""
 "Ergebnisse zurückgegeben werden (und in den Offline-Modus gegangen wird)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -5831,12 +5926,12 @@ msgstr ""
 "Zeitüberschreitungspunkten für spezielle Nachschlagetypen ersetzt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr "ldap_enumeration_search_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -5848,12 +5943,12 @@ msgstr ""
 "(und in den Offline-Modus gegangen wird)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr "ldap_network_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -5870,12 +5965,12 @@ msgstr ""
 "citerefentry> zurückkehrt, falls keine Aktivität stattfindet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr "ldap_opt_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -5884,12 +5979,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr "ldap_connection_expire_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -5903,17 +5998,17 @@ msgstr ""
 "Lebensdauer) verwendet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr "Voreinstellung: 900 (15 Minuten)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr "ldap_page_size (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
@@ -5923,17 +6018,17 @@ msgstr ""
 "pro Anfrage."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr "Voreinstellung: 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr "ldap_disable_paging (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -5945,7 +6040,7 @@ msgstr ""
 "deaktiviert ist oder sich nicht ordnungsgemäß verhält."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
@@ -5955,7 +6050,7 @@ msgstr ""
 "aber nicht in der Lage, es zu benutzen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -5967,17 +6062,17 @@ msgstr ""
 "abgelehnt werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr "ldap_disable_range_retrieval (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr "deaktiviert die Bereichsabfrage von Active Directory"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5993,12 +6088,12 @@ msgstr ""
 "es so aussehen, als ob große Gruppen keine Mitglieder hätten."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr "ldap_sasl_minssf (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6009,19 +6104,19 @@ msgstr ""
 "Werte dieser Option werden durch OpenLDAP definiert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 "Voreinstellung: verwendet die Voreinstellungen des System (normalerweise in "
 "»ldap.conf« angegeben)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr "ldap_deref_threshold (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6033,7 +6128,7 @@ msgstr ""
 "nachgeschlagen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
@@ -6041,7 +6136,7 @@ msgstr ""
 "den Wert auf 0 setzen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6054,7 +6149,7 @@ msgstr ""
 "unterstützten Server sind 389/RHDS, OpenLDAP und Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6065,12 +6160,12 @@ msgstr ""
 "Nachschlagen ohne Rücksicht auf die Einstellung deaktiviert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr "ldap_tls_reqcert (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
@@ -6080,7 +6175,7 @@ msgstr ""
 "Werte angegeben werden:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
@@ -6089,7 +6184,7 @@ msgstr ""
 "oder anfordern."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6101,7 +6196,7 @@ msgstr ""
 "Sitzung fährt normal fort."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6112,7 +6207,7 @@ msgstr ""
 "ungültiges Zertifikat bereitgestellt wird, wird die Sitzung sofort beendet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -6123,22 +6218,22 @@ msgstr ""
 "sofort beendet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr "<emphasis>hard</emphasis> = entspricht »demand«"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr "Voreinstellung: hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr "ldap_tls_cacert (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
@@ -6147,7 +6242,7 @@ msgstr ""
 "die <command>sssd</command> erkennen wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
@@ -6156,12 +6251,12 @@ msgstr ""
 "<filename>/etc/openldap/ldap.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr "ldap_tls_cacertdir (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -6175,33 +6270,33 @@ msgstr ""
 "Erstellen der korrekten Namen verwendet werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr "ldap_tls_cert (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 "gibt die Datei an, die das Zertifikat für den Schlüssel des Clients enthält."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr "ldap_tls_key (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr "gibt die Datei an, die den Schlüssel des Clients enthält."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr "ldap_tls_cipher_suite (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6209,12 +6304,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr "ldap_id_use_start_tls (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
@@ -6223,12 +6318,12 @@ msgstr ""
 "\">tls</systemitem> benutzen muss, um den Kanal abzusichern."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr "ldap_id_mapping (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6240,21 +6335,19 @@ msgstr ""
 "verlassen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 "Derzeit unterstützt diese Funktionalität nur das Abbilden von Active-"
 "Directory-ObjectSIDs."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
-#, fuzzy
-#| msgid "ldap_min_id, ldap_max_id (interger)"
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
-msgstr "ldap_min_id, ldap_max_id (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6273,17 +6366,17 @@ msgstr ""
 "Abbildung von IDs wählen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr "Voreinstellung: nicht gesetzt (beide Optionen sind auf 0 gesetzt)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr "ldap_sasl_mech (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
@@ -6292,12 +6385,12 @@ msgstr ""
 "GSSAPI getestet und wird unterstützt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr "ldap_sasl_authid (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -6312,17 +6405,17 @@ msgstr ""
 "enthalten."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr "Voreinstellung Rechner/MeinRechner@BEREICH"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr "ldap_sasl_realm (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6333,17 +6426,17 @@ msgstr ""
 "»ldap_sasl_authid« ebenfalls den Realm enthält, wird diese Option ignoriert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr "Voreinstellung: der Wert von »krb5_realm«"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr "ldap_sasl_canonicalize (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
@@ -6353,34 +6446,34 @@ msgstr ""
 "Bind in eine kanonische Form zu bringen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr "Voreinstellung: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr "ldap_krb5_keytab (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr "gibt die Keytab an, wenn SASL/GSSAPI benutzt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 "Voreinstellung: Keytab des Systems, normalerweise <filename>/etc/krb5."
 "keytab</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr "ldap_krb5_init_creds (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -6391,28 +6484,28 @@ msgstr ""
 "ausgewählte Mechnaismus GSSAPI ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 "gibt die Lebensdauer eines TGT in Sekunden an, falls GSSAPI benutzt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr "Voreinstellung: 86400 (24 Stunden)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr "krb5_server, krb5_backup_server (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -6431,7 +6524,7 @@ msgstr ""
 "Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -6442,7 +6535,7 @@ msgstr ""
 "Protokoll angeben. Falls keine gefunden werden, weicht es auf _tcp aus."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -6454,29 +6547,29 @@ msgstr ""
 "migrieren."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr "krb5_realm (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr "gibt den Kerberos-REALM an (für SASL/GSSAPI-Authentifizierung)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 "Voreinstellung: Systemvoreinstellungen, siehe <filename>/etc/krb5.conf</"
 "filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr "krb5_canonicalize (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -6486,12 +6579,12 @@ msgstr ""
 "Kerberos >= 1.7 verfügbar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr "krb5_use_kdcinfo (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6507,7 +6600,7 @@ msgstr ""
 "manvolnum> </citerefentry> einrichten."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -6518,12 +6611,12 @@ msgstr ""
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr "ldap_pwd_policy (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
@@ -6532,7 +6625,7 @@ msgstr ""
 "Passworts abgeschätzt werden soll. Die folgenden Werte sind erlaubt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
@@ -6541,7 +6634,7 @@ msgstr ""
 "kann keine Server-seitigen Passwortregelwerke deaktivieren."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -6552,7 +6645,7 @@ msgstr ""
 "manvolnum></citerefentry>, um abzuschätzen, ob das Passwort erloschen ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6564,7 +6657,7 @@ msgstr ""
 "Passwort geändert wurde."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
@@ -6574,17 +6667,17 @@ msgstr ""
 "festgelegten Regel."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr "ldap_referrals (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr "gibt an, ob automatische Verweisverfolgung aktiviert werden soll."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
@@ -6593,7 +6686,7 @@ msgstr ""
 "mit OpenLDAP Version 2.4.13 oder höher kompiliert wurde."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6607,28 +6700,28 @@ msgstr ""
 "merkliche Leistungsverbesserung bringen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr "ldap_dns_service_name (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 "gibt an, welcher Dienstname bei aktivierter Dienstsuche benutzt werden soll."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr "Voreinstellung: ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr "ldap_chpass_dns_service_name (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
@@ -6637,17 +6730,17 @@ msgstr ""
 "soll, der Passwortänderungen bei aktivierter Dienstsuche ermöglicht."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr "ldap_chpass_update_last_change (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
@@ -6656,12 +6749,12 @@ msgstr ""
 "Passwortänderung mit Unix-Zeit geändert wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr "ldap_access_filter (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6691,12 +6784,12 @@ msgstr ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr "Beispiel:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6708,7 +6801,7 @@ msgstr ""
 "                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
@@ -6717,35 +6810,26 @@ msgstr ""
 "beschränkt, deren employeeType-Attribut auf »admin« gesetzt ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
-#, fuzzy
-#| msgid ""
-#| "Offline caching for this feature is limited to determining whether the "
-#| "user's last online login was granted access permission. If they were "
-#| "granted access during their last login, they will continue to be granted "
-#| "access while offline and vice-versa."
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
 "access during their last login, they will continue to be granted access "
 "while offline and vice versa."
 msgstr ""
-"Die Offline-Zwischenspeicherung ist darauf beschränkt festzulegen, ob bei "
-"der letzten Online-Anmeldung des Benutzers Zugriffsrechte gewährt wurden. "
-"Falls ja, wird weiterhin offline Zugriff gegeben und umgekehrt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr "Voreinstellung: leer"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr "ldap_account_expire_policy (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
@@ -6754,7 +6838,7 @@ msgstr ""
 "Zugriffssteuerungsattribute aktiviert werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6765,12 +6849,12 @@ msgstr ""
 "einem geeigneten Fehlercode zurückweisen, wenn das Passwort korrekt ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr "Die folgenden Werte sind erlaubt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
@@ -6779,7 +6863,7 @@ msgstr ""
 "»ldap_user_shadow_expire«, um zu bestimmen, ob das Konto abgelaufen ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6792,7 +6876,7 @@ msgstr ""
 "gewährt. Außerdem wird die Ablaufzeit des Kontos geprüft."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6803,7 +6887,7 @@ msgstr ""
 "Zugriff erlaubt wird oder nicht."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6816,7 +6900,7 @@ msgstr ""
 "Zugriff gewährt wird. Falls diese Attribute fehlen, wird Zugriff erteilt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -6827,24 +6911,24 @@ msgstr ""
 "»ldap_account_expire_policy« funktioniert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr "ldap_access_order (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 "durch Kommata getrennte Liste von Zugriffssteuerungsoptionen. Folgende Werte "
 "sind erlaubt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr "<emphasis>filter</emphasis>: verwendet »ldap_access_filter«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6854,14 +6938,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6874,12 +6958,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6889,7 +6973,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -6899,20 +6983,20 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
@@ -6921,19 +7005,38 @@ msgstr ""
 "»authorizedService«, um zu bestimmen, ob Zugriff gewährt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 "<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, "
 "ob Zugriff gewährt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+#, fuzzy
+#| msgid ""
+#| "<emphasis>host</emphasis>: use the host attribute to determine access"
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+"<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, "
+"ob Zugriff gewährt wird."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr "Voreinstellung: filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
@@ -6942,12 +7045,12 @@ msgstr ""
 "mehr als einmal benutzt wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -6956,22 +7059,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr "ldap_deref (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
@@ -6980,12 +7083,12 @@ msgstr ""
 "folgenden Optionen sind erlaubt:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr "<emphasis>never</emphasis>: Alias werden nie dereferenziert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
@@ -6995,7 +7098,7 @@ msgstr ""
 "Suche."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
@@ -7004,7 +7107,7 @@ msgstr ""
 "der Suche dereferenziert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
@@ -7013,7 +7116,7 @@ msgstr ""
 "Orten des Basisobjekts der Suche dereferenziert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
@@ -7022,12 +7125,12 @@ msgstr ""
 "<emphasis>never</emphasis> gehandhabt.)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr "ldap_rfc2307_fallback_to_local_users (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
@@ -7036,7 +7139,7 @@ msgstr ""
 "beizubehalten, die das Schema RFC2307 benutzen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -7054,7 +7157,7 @@ msgstr ""
 "getpw*() oder initgroups() abzurufen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -7065,26 +7168,26 @@ msgstr ""
 "die lokalen Benutzer um zusätzliche LDAP-Gruppen erweitert werden."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
 #, fuzzy
 #| msgid "ldap_opt_timeout (integer)"
-msgid "wildcart_limit (integer)"
+msgid "wildcard_limit (integer)"
 msgstr "ldap_opt_timeout (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -7104,12 +7207,12 @@ msgstr ""
 "type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr "SUDO-OPTIONEN"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -7120,52 +7223,52 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr "ldap_sudorule_object_class (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr "die Objektklasse eines Sudo-Regeleintrags in LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr "Voreinstellung: sudoRole"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr "ldap_sudorule_name (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr "das LDAP-Attribut, das dem Namen der Sudo-Regel entspricht"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr "ldap_sudorule_command (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr "das LDAP-Attribut, das dem Namen des Befehls entspricht"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr "Voreinstellung: sudoCommand"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr "ldap_sudorule_host (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
@@ -7174,17 +7277,17 @@ msgstr ""
 "Netzwerk oder des Netzwerkgruppe des Rechners) entspricht"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr "Voreinstellung: sudoHost"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr "ldap_sudorule_user (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
@@ -7193,32 +7296,32 @@ msgstr ""
 "oder der Netzwerkgruppe des Benutzers) entspricht"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr "Voreinstellung: sudoUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr "ldap_sudorule_option (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr "das LDAP-Attribut, das den Sudo-Optionen entspricht"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr "Voreinstellung: sudoOption"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr "ldap_sudorule_runasuser (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
@@ -7227,17 +7330,17 @@ msgstr ""
 "ausgeführt werden können"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr "Voreinstellung: sudoRunAsUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr "ldap_sudorule_runasgroup (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
@@ -7246,17 +7349,17 @@ msgstr ""
 "worunter Befehle ausgeführt werden können"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr "Voreinstellung: sudoRunAsGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr "ldap_sudorule_notbefore (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
@@ -7265,17 +7368,17 @@ msgstr ""
 "Sudo-Regel gültig wird."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr "Voreinstellung: sudoNotBefore"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr "ldap_sudorule_notafter (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
@@ -7284,32 +7387,32 @@ msgstr ""
 "der die Sudo-Regel nicht länger gültig ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr "Voreinstellung: sudoNotAfter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr "ldap_sudorule_order (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr "das LDAP-Attribut, das dem Reihenfolgenindex der Regel entspricht"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr "Voreinstellung: sudoOrder"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr "ldap_sudo_full_refresh_interval (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
@@ -7319,7 +7422,7 @@ msgstr ""
 "heruntergeladen werden)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
@@ -7328,17 +7431,17 @@ msgstr ""
 "emphasis> sein."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr "Voreinstellung: 21600 (6 Stunden)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr "ldap_sudo_smart_refresh_interval (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -7349,7 +7452,7 @@ msgstr ""
 "höchste USN der zwischengespeicherten Regeln haben, heruntergeladen werden)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
@@ -7358,12 +7461,12 @@ msgstr ""
 "das Attribut »modifyTimestamp« benutzt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr "ldap_sudo_use_host_filter (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -7373,12 +7476,12 @@ msgstr ""
 "Netzwerkadressen und Rechnernamen)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr "ldap_sudo_hostnames (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
@@ -7387,7 +7490,7 @@ msgstr ""
 "Domain-Namen, die zum Filtern der Regeln benutzt werden sollen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
@@ -7396,8 +7499,8 @@ msgstr ""
 "voll qualifizierten Domain-Namen automatisch herauszufinden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
@@ -7406,17 +7509,17 @@ msgstr ""
 "emphasis> ist, hat diese Option keine Auswirkungen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr "Voreinstellung: nicht angegeben"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr "ldap_sudo_ip (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
@@ -7425,7 +7528,7 @@ msgstr ""
 "Netzwerkadressen, die zum Filtern der Regeln benutzt werden sollen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
@@ -7434,12 +7537,12 @@ msgstr ""
 "herauszufinden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr "ldap_sudo_include_netgroups (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
@@ -7448,12 +7551,12 @@ msgstr ""
 "eine Netzgruppe im Attribut »sudoHost« enthält."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr "ldap_sudo_include_regexp (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
@@ -7462,7 +7565,7 @@ msgstr ""
 "einen Platzhalter im Attribut »sudoHost« enthält."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7475,93 +7578,87 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr "AUTOFS-OPTIONEN"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr "ldap_autofs_map_master_name (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr "Der Name der Automount-Master-Abbildung in LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr "Voreinstellung: auto.master"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr "ldap_autofs_map_object_class (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr "die Objektklasse eines Automount-Abbildungseintrags in LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr "ldap_autofs_map_name (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr "der Name eines Automount-Abbildungseintrags in LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr "ldap_autofs_entry_object_class (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
-#, fuzzy
-#| msgid ""
-#| "The key of an automount entry in LDAP. The entry usually corresponds to a "
-#| "mount point."
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
-"der Schlüssel eines Automount-Eintrags in LDAP. Normalerweise entspricht der "
-"Eintrag einem Einhängepunkt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr "ldap_autofs_entry_key (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
@@ -7570,24 +7667,24 @@ msgstr ""
 "Eintrag einem Einhängepunkt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr "ldap_autofs_entry_value (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -7600,56 +7697,56 @@ msgstr ""
 "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr "ERWEITERTE OPTIONEN"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr "ldap_netgroup_search_base (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr "ldap_user_search_base (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr "ldap_group_search_base (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr "ldap_sudo_search_base (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr "ldap_autofs_search_base (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7657,8 +7754,15 @@ msgid ""
 "\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr "BEISPIEL"
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7669,7 +7773,7 @@ msgstr ""
 "gesetzt ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7682,26 +7786,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7717,13 +7822,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "ANMERKUNGEN"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7910,10 +8015,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:166
-#, fuzzy
-#| msgid "<option>forward_pass</option>"
 msgid "<option>allow_missing_name</option>"
-msgstr "<option>forward_pass</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:170
@@ -7943,10 +8046,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:190
-#, fuzzy
-#| msgid "<option>retry=N</option>"
 msgid "<option>prompt_always</option>"
-msgstr "<option>retry=N</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:194
@@ -8099,17 +8200,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd_krb5_locator_plugin.8.xml:73
-#, fuzzy
-#| msgid ""
-#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-#| "debug messages will be sent to stderr."
 msgid ""
 "If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value "
 "the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the "
 "caller."
 msgstr ""
-"Falls die Umgebungsvariable SSSD_KRB5_LOCATOR_DEBUG auf irgendeinen Wert "
-"gesetzt ist, werden Debug-Nachrichten an »stderr« gesandt."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-simple.5.xml:10 sssd-simple.5.xml:16
@@ -8352,9 +8447,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -8438,7 +8533,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -8791,22 +8886,14 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:66
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
-"Die folgenden Erweiterungen werden unterstützt: <placeholder type="
-"\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:336
-#, fuzzy
-#| msgid "ID MAPPING"
 msgid "MAPPING RULE"
-msgstr "ID-ABBILDUNG"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:338
@@ -8823,7 +8910,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -8843,8 +8930,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -8938,7 +9025,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -8956,8 +9043,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -8976,9 +9063,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -8991,7 +9078,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -9011,7 +9098,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -9127,7 +9214,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -9135,10 +9222,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:590
-#, fuzzy
-#| msgid "DOMAIN SECTIONS"
 msgid "DOMAIN LIST"
-msgstr "DOMAIN-ABSCHNITTE"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:592
@@ -9189,14 +9274,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:43
-#, fuzzy
-#| msgid ""
-#| "The IPA provider accepts the same options used by the <citerefentry> "
-#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> identity provider and the <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> authentication provider with some exceptions described "
-#| "below."
 msgid ""
 "The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
@@ -9206,12 +9283,6 @@ msgid ""
 "options used by the sssd-ldap and sssd-krb5 providers with some exceptions. "
 "However, it is neither necessary nor recommended to set these options."
 msgstr ""
-"Der IPA-Anbieter akzeptiert dieselben Optionen, die vom Identitätsanbieter "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> und dem Authentifizierungsanbieter <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> benutzt werden, mit einigen nachfolgend beschriebenen "
-"Ausnahmen."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:57
@@ -9223,24 +9294,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:62
-#, fuzzy
-#| msgid ""
-#| "However, it is neither necessary nor recommended to set these options.  "
-#| "IPA provider can also be used as an access and chpass provider. As an "
-#| "access provider it uses HBAC (host-based access control) rules. Please "
-#| "refer to freeipa.org for more information about HBAC. No configuration of "
-#| "access provider is required on the client side."
 msgid ""
 "As an access provider, the IPA provider uses HBAC (host-based access "
 "control)  rules. Please refer to freeipa.org for more information about "
 "HBAC. No configuration of access provider is required on the client side."
 msgstr ""
-"Es ist jedoch weder nötig noch empfohlen, diese Optionen zu setzen. Der IPA-"
-"Anbieter kann außerdem als Zugriffs- und Chpass-Anbieter benutzt werden. Als "
-"Zugriffsanbieter verwendet er HBAC-Regeln (host-based access control/"
-"rechnerbasierte Zugriffssteuerung). Bitte wenden Sie sich an freeipa.org, um "
-"weitere Informationen über HBAC zu erhalten. Client-seitig ist keine "
-"Konfiguration des Zugriffsanbieters erforderlich."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:67
@@ -9296,28 +9354,26 @@ msgstr "ipa_hostname (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:113
+#, fuzzy
+#| msgid ""
+#| "Optional. May be set on machines where the hostname(5) does not reflect "
+#| "the fully qualified name used in the IPA domain to identify this host."
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 "optional, kann auf Maschinen, bei denen »hostname(5)« nicht den voll "
 "qualifizierten Namen in der IPA-Domain widerspiegelt, benutzt werden, um sie "
 "zu identifizieren."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr "dyndns_update (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
-#, fuzzy
-#| msgid ""
-#| "Optional. This option tells SSSD to automatically update the DNS server "
-#| "built into FreeIPA v2 with the IP address of this client. The update is "
-#| "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-#| "for the updates, if it is not otherwise specified by using the "
-#| "<quote>dyndns_iface</quote> option."
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -9325,14 +9381,9 @@ msgid ""
 "updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
 "quote> option."
 msgstr ""
-"optional. Diese Option teilt SSSD mit, dass es den in FreeIPA v2 eingebauten "
-"DNS-Server mit der IP-Adresse dieses Clients aktualisieren soll. Die "
-"Aktualisierung wird mittels GSS-TSIG abgesichert. Für die Aktualisierungen "
-"wird die IP-Adresse der IPA-LDAP-Verbindung benutzt, falls in der Option "
-"»dyndns_iface« keine andere angegeben wurde."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -9342,7 +9393,7 @@ msgstr ""
 "funktioniert."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -9354,12 +9405,12 @@ msgstr ""
 "Konfigurationsdatei migrieren."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr "dyndns_ttl (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -9371,7 +9422,7 @@ msgstr ""
 "Administrator gesetzt wurde."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -9383,33 +9434,26 @@ msgstr ""
 "migrieren."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr "Voreinstellung: 1200 (Sekunden)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr "dyndns_iface (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
-#, fuzzy
-#| msgid ""
-#| "Optional. Applicable only when dyndns_update is true. Choose the "
-#| "interface whose IP address should be used for dynamic DNS updates."
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
 "updates. Special value <quote>*</quote> implies that IPs from all interfaces "
 "should be used."
 msgstr ""
-"optional, nur anwendbar, wenn »dyndns_update« »true« ist. Wählen sie die "
-"Schnittstelle, deren IP-Adresse zum Aktualisieren des dynamischen DNS "
-"benutzt werden soll."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -9421,28 +9465,24 @@ msgstr ""
 "Konfigurationsdatei migrieren."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
-#, fuzzy
-#| msgid "Default: Use the IP address of the IPA LDAP connection"
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
-msgstr "Voreinstellung: verwendet die IP-Adresse der IPA-LDAP-Verbindung"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
-#, fuzzy
-#| msgid "dyndns_iface (string)"
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
-msgstr "dyndns_iface (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -9450,24 +9490,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
-msgstr "Voreinstellung: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr "ipa_enable_dns_sites (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr "aktiviert DNS-Sites – standortbasierte Dienstsuche"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -9487,12 +9525,12 @@ msgstr ""
 "gefundenen als Sicherungsserver."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr "dyndns_refresh_interval (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -9503,12 +9541,12 @@ msgstr ""
 "Diese Option ist optional und nur anwendbar, wenn »dyndns_update« »true« ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr "dyndns_update_ptr (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -9518,7 +9556,7 @@ msgstr ""
 "»dyndns_update« »true« ist"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
@@ -9528,17 +9566,17 @@ msgstr ""
 "Weiterleitungsdatensätze ändern."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr "Voreinstellung: False (deaktiviert)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr "dyndns_force_tcp (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
@@ -9547,77 +9585,92 @@ msgstr ""
 "DNS-Server verwenden soll"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
-#, fuzzy
-#| msgid "dyndns_iface (string)"
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
-msgstr "dyndns_iface (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
-#, fuzzy
-#| msgid "Default: False (let nsupdate choose the protocol)"
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
-msgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
-msgstr "ipa_hbac_search_base (Zeichenkette)"
+#: sssd-ipa.5.xml:311
+#, fuzzy
+#| msgid "ipa_host_search_base (string)"
+msgid "ipa_deskprofile_search_base (string)"
+msgstr "ipa_host_search_base (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+#, fuzzy
+#| msgid ""
+#| "Optional. Use the given string as search base for HBAC related objects."
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 "optional, verwendet die angegebene Zeichenkette als Suchgrundlage für HBAC-"
 "bezogene Objekte"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr "Voreinstellung: verwendet Basis-DN"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr "ipa_hbac_search_base (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für HBAC-"
+"bezogene Objekte"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr "ipa_host_search_base (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 "optional, verwendet die angegebene Zeichenkette als Suchgrundlage für "
 "Rechnerobjekte"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
@@ -9626,73 +9679,73 @@ msgstr ""
 "unter »ldap_search_base«."
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr "Voreinstellung: der Wert von <emphasis>ldap_search_base</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr "ipa_selinux_search_base (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 "optional, verwendet die angegebene Zeichenkette als Suchgrundlage für "
 "SELinux-Benutzerabbildungen"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr "ipa_subdomains_search_base (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 "optional, verwendet die angegebene Zeichenkette als Suchgrundlage für "
 "vertrauenswürdige Domains"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr "Voreinstellung: der Wert von <emphasis>cn=trusts,%basedn</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr "ipa_master_domain_search_base (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 "optional, verwendet die angegebene Zeichenkette als Suchgrundlage für das "
 "Master-Domain-Objekt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr "Voreinstellung: der Wert von <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
@@ -9701,7 +9754,7 @@ msgstr ""
 "Wert von »ipa_domain«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
@@ -9711,58 +9764,110 @@ msgstr ""
 "zu verwenden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:465
+#, fuzzy
+#| msgid "ipa_hbac_refresh (integer)"
+msgid "ipa_deskprofile_refresh (integer)"
 msgstr "ipa_hbac_refresh (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:468
+#, fuzzy
+#| msgid ""
+#| "The amount of time between lookups of the HBAC rules against the IPA "
+#| "server. This will reduce the latency and load on the IPA server if there "
+#| "are many access-control requests made in a short period."
 msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
 msgstr ""
 "die Zeit zwischen dem Abrufen der HBAC-Regeln beim IPA-Server. Dies wird die "
 "Wartezeit und Belastung des IPA-Servers verringern, falls dort viele "
 "Zugriffssteuerungsanfragen in einer kurzen Zeitspanne ankommen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
 msgid "Default: 5 (seconds)"
 msgstr "Voreinstellung: 5 (Sekunden)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:481
+#, fuzzy
+#| msgid "ldap_sudo_full_refresh_interval (integer)"
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr "ldap_sudo_full_refresh_interval (Ganzzahl)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+#, fuzzy
+#| msgid ""
+#| "The amount of time between lookups of the HBAC rules against the IPA "
+#| "server. This will reduce the latency and load on the IPA server if there "
+#| "are many access-control requests made in a short period."
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+"die Zeit zwischen dem Abrufen der HBAC-Regeln beim IPA-Server. Dies wird die "
+"Wartezeit und Belastung des IPA-Servers verringern, falls dort viele "
+"Zugriffssteuerungsanfragen in einer kurzen Zeitspanne ankommen."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+#, fuzzy
+#| msgid "Default: 900 (15 minutes)"
+msgid "Default: 60 (minutes)"
+msgstr "Voreinstellung: 900 (15 Minuten)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
+msgid "ipa_hbac_refresh (integer)"
+msgstr "ipa_hbac_refresh (Ganzzahl)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:498
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+"die Zeit zwischen dem Abrufen der HBAC-Regeln beim IPA-Server. Dies wird die "
+"Wartezeit und Belastung des IPA-Servers verringern, falls dort viele "
+"Zugriffssteuerungsanfragen in einer kurzen Zeitspanne ankommen."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr "ipa_hbac_selinux (Ganzzahl)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -9773,194 +9878,192 @@ msgstr ""
 "viele Benutzeranmeldeanfragen in einer kurzen Zeitspanne ankommen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr "ipa_server_mode (Boolesch)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr "ipa_automount_location (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr "der Ort des Automounters, den dieser IPA-Client benutzen wird"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr "Voreinstellung: der Ort namens »default«"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
-#, fuzzy
-#| msgid "ldap_service_object_class (string)"
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
-msgstr "ldap_service_object_class (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -9970,12 +10073,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr "ANBIETER VON UNTER-DOMAINS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
@@ -9984,7 +10087,7 @@ msgstr ""
 "ob er explizit oder implizit konfiguriert wurde."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -9995,7 +10098,7 @@ msgstr ""
 "und alle Subdomain-Anfragen werden, falls nötig, an den IPA-Server gesandt."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -10014,7 +10117,7 @@ msgstr ""
 "online gegangen ist, wird der Subdomain-Anbieter erneut aktiviert."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -10026,7 +10129,7 @@ msgstr ""
 "Optionen von IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -10062,11 +10165,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:36
-#, fuzzy
-#| msgid ""
-#| "The AD provider is a back end used to connect to an Active Directory "
-#| "server. This provider requires that the machine be joined to the AD "
-#| "domain and a keytab is available."
 msgid ""
 "The AD provider is a back end used to connect to an Active Directory server. "
 "This provider requires that the machine be joined to the AD domain and a "
@@ -10074,9 +10172,6 @@ msgid ""
 "channel, SSL/TLS options should not be used with the AD provider and will be "
 "superceded by Kerberos usage."
 msgstr ""
-"Der AD-Anbieter ist ein Backend, das für die Verbindung zu einem Active-"
-"Directory-Server benutzt wird. Dieser Anbieter erfordert, dass die Maschine "
-"der AD-Domain beigetreten und eine Keytab verfügbar ist."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:44
@@ -10090,31 +10185,15 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:48
-#, fuzzy
-#| msgid ""
-#| "The AD provider is able to provide identity information and "
-#| "authentication for entities from trusted domains as well. Currently only "
-#| "trusted domains in the same forest are recognized."
 msgid ""
 "The AD provider can be used to get user information and authenticate users "
 "from trusted domains. Currently only trusted domains in the same forest are "
 "recognized. In addition servers from trusted domains are always auto-"
 "discovered."
 msgstr ""
-"Der AD-Anbieter stellt Identitätsinformationen bereit und ermöglicht die "
-"Authentifizierung für Einträge in vertrauenswürdigen Domains. Derzeit werden "
-"nur vertrauenswürdige Domains im gleichen Wald unterstützt."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:54
-#, fuzzy
-#| msgid ""
-#| "The AD provider accepts the same options used by the <citerefentry> "
-#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> identity provider and the <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> authentication provider with some exceptions described "
-#| "below."
 msgid ""
 "The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
@@ -10125,11 +10204,6 @@ msgid ""
 "exceptions. However, it is neither necessary nor recommended to set these "
 "options."
 msgstr ""
-"Der AD-Anbieter akzeptiert dieselben Optionen, die vom Identitätsanbieter "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> und dem Authentifizierungsanbieter <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> benutzt werden, mit einigen unten beschriebenen Ausnahmen."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:69
@@ -10141,20 +10215,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:74
-#, fuzzy
-#| msgid ""
-#| "However, it is neither necessary nor recommended to set these options. "
-#| "The AD provider can also be used as an access, chpass and sudo provider. "
-#| "No configuration of the access provider is required on the client side."
 msgid ""
 "The AD provider can also be used as an access, chpass, sudo and autofs "
 "provider. No configuration of the access provider is required on the client "
 "side."
 msgstr ""
-"Allerdings ist es weder notwendig noch empfehlenswert, diese Optionen zu "
-"setzen. Der AD-Anbieter kann auch als Anbieter für »access«, »chpass« und "
-"»sudo« verwendet werden. Auf der Client-Seite ist keine Konfiguration des "
-"Zugriffs-Anbieters erforderlich."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-ad.5.xml:85
@@ -10234,10 +10299,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:127
-#, fuzzy
-#| msgid "ad_domain (string)"
 msgid "ad_enabled_domains (string)"
-msgstr "ad_domain (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:130
@@ -10257,31 +10320,18 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:136
-#, fuzzy
-#| msgid ""
-#| "For proper operation, this option should be specified as the lower-case "
-#| "version of the long version of the Active Directory domain."
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
 "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"Damit dies ordentlich funktioniert, sollte diese Option in der "
-"kleingeschriebenen Variante der langen Version der Active-Directory-Domain "
-"angegeben werden."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:144
-#, fuzzy
-#| msgid ""
-#| "The short domain name (also known as the NetBIOS or the flat name) is "
-#| "autodetected by the SSSD."
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
-"Der kurze Domain-Name (auch als NetBIOS- oder flacher Name bekannt) wird von "
-"SSSD automatisch ermittelt."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:154
@@ -10290,23 +10340,11 @@ msgstr "ad_server, ad_backup_server (Zeichenkette)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:157
-#, fuzzy
-#| msgid ""
-#| "The comma-separated list of hostnames of the AD servers to which SSSD "
-#| "should connect in order of preference. For more information on failover "
-#| "and server redundancy, see the <quote>FAILOVER</quote> section.  This is "
-#| "optional if autodiscovery is enabled.  For more information on service "
-#| "discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
 "redundancy, see the <quote>FAILOVER</quote> section."
 msgstr ""
-"Die durch Kommata getrennte Liste von Rechnernamen der AD-Server in der "
-"Reihenfolge, in der sich SSSD mit ihnen verbinden soll. Weitere "
-"Informationen über Ausfallsicherung und Redundanz finden Sie im Abschnitt "
-"»AUSFALLSICHERUNG«. Falls automatisches Auffinden aktiviert ist, ist dies "
-"optional. Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:164
@@ -10454,17 +10492,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-ad.5.xml:273
-#, fuzzy, no-wrap
-#| msgid ""
-#| "# apply filter on domain called dom1 only:\n"
-#| "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
-#| "\n"
-#| "# apply filter on domain called dom2 only:\n"
-#| "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
-#| "\n"
-#| "# apply filter on forest called EXAMPLE.COM only:\n"
-#| "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
-#| "                        "
+#, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
 "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
@@ -10479,15 +10507,6 @@ msgid ""
 "DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n"
 "                        "
 msgstr ""
-"# apply filter on domain called dom1 only:\n"
-"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
-"\n"
-"# apply filter on domain called dom2 only:\n"
-"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
-"\n"
-"# apply filter on forest called EXAMPLE.COM only:\n"
-"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
-"                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:292
@@ -11084,10 +11103,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:819
-#, fuzzy
-#| msgid "Default: 300"
 msgid "Default: 30 days"
-msgstr "Voreinstellung: 300"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:825
@@ -11098,18 +11115,16 @@ msgstr ""
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:837
-#, fuzzy
-#| msgid "Default: 86400 (24 hours)"
 msgid "Default: 86400:750 (24h and 15m)"
-msgstr "Voreinstellung: 86400 (24 Stunden)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:846
@@ -11136,20 +11151,13 @@ msgstr "Voreinstellung: 3600 (Sekunden)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:892
-#, fuzzy
-#| msgid "Default: Use the IP address of the AD LDAP connection"
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
-msgstr "Voreinstellung: verwendet die IP-Adresse der AD-LDAP-Verbindung"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:905
-#, fuzzy
-#| msgid ""
-#| "How often should the back end perform periodic DNS update in addition to "
-#| "the automatic update performed when the back end goes online.  This "
-#| "option is optional and applicable only when dyndns_update is true."
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -11157,9 +11165,6 @@ msgid ""
 "lowest possible value is 60 seconds in-case if value is provided less than "
 "60, parameter will assume lowest value only."
 msgstr ""
-"wie oft das Backend periodische DNS-Aktualisierungen zusätzlich zur "
-"automatisch beim Online-Gehen durchgeführten Aktualisierung vornehmen soll. "
-"Diese Option ist optional und nur anwendbar, wenn »dyndns_update« »true« ist."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:928 sss_rpcidmapd.5.xml:76
@@ -11243,8 +11248,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr "sssd-sudo"
 
@@ -11405,11 +11410,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-sudo.5.xml:118
-#, fuzzy
-#| msgid ""
-#| "When the SSSD is configured to use IPA as the ID provider, the sudo "
-#| "provider is automatically enabled. The sudo search base is configured to "
-#| "use the compat tree (ou=sudoers,$DC)."
 msgid ""
 "When SSSD is configured to use IPA as the ID provider, the sudo provider is "
 "automatically enabled. The sudo search base is configured to use the IPA "
@@ -11417,9 +11417,6 @@ msgid ""
 "sssd.conf, this value will be used instead. The compat tree (ou=sudoers,"
 "$SUFFIX) is no longer required for IPA sudo functionality."
 msgstr ""
-"Wenn SSSD so konfiguriert ist, dass IPA als ID-Provider verwendet wird, dann "
-"ist der Sudo-Provider automatisch aktiviert. Die Sudo-Suchmaschine wird so "
-"konfiguriert, dass der compat-Baum verwendet wird (ou=sudoers,$DC)."
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-sudo.5.xml:128
@@ -11674,12 +11671,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr "läuft im Vordergrund und wird kein Daemon."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr "<option>-c</option>,<option>--config</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -11891,10 +11888,8 @@ msgstr "Voreinstellung: <filename>/etc/sssd/sssd.conf</filename>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_override.8.xml:10 sss_override.8.xml:15
-#, fuzzy
-#| msgid "sss_userdel"
 msgid "sss_override"
-msgstr "sss_userdel"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_override.8.xml:16
@@ -11903,19 +11898,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_override.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>Optionen</"
-"replaceable> </arg> <arg choice='plain'><replaceable>ANMELDUNG</"
-"replaceable></arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:32
@@ -11971,10 +11958,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:80
-#, fuzzy
-#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
 msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
-msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_WERT</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:85
@@ -11986,16 +11971,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:94
-#, fuzzy
-#| msgid ""
-#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-#| "replaceable>"
 msgid ""
 "<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
 "optional>"
 msgstr ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:99
@@ -12006,10 +11985,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:107
-#, fuzzy
-#| msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
 msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
-msgstr "<option>--setattr</option> <replaceable>ATTR_NAME_WERT</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:112
@@ -12080,10 +12057,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:177
-#, fuzzy
-#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
 msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
-msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_WERT</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:182
@@ -12095,16 +12070,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:191
-#, fuzzy
-#| msgid ""
-#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-#| "replaceable>"
 msgid ""
 "<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
 "optional>"
 msgstr ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:196
@@ -12172,24 +12141,18 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "SUDO OPTIONS"
 msgid "COMMON OPTIONS"
-msgstr "SUDO-OPTIONEN"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:263 sssctl.8.xml:52
-#, fuzzy
-#| msgid "This option is not available in IPA provider."
 msgid "Those options are available with all commands."
-msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:268 sssctl.8.xml:57
-#, fuzzy
-#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
 msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
-msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_WERT</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_useradd.8.xml:10 sss_useradd.8.xml:15
@@ -13457,20 +13420,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_cache.8.xml:31
-#, fuzzy
-#| msgid ""
-#| "<command>sss_cache</command> invalidates records in SSSD cache.  "
-#| "Invalidated records are forced to be reloaded from server as soon as "
-#| "related SSSD backend is online."
 msgid ""
 "<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
 "records are forced to be reloaded from server as soon as related SSSD "
 "backend is online. Options that invalidate a single object only accept a "
 "single provided argument."
 msgstr ""
-"<command>sss_cache</command> annulliert Datensätze im SSSD-Zwischenspeicher. "
-"Annullierte Datensätze werden zwangsweise neu vom Server geladen, sobald das "
-"zugehörige SSSD-Backend online ist."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:43
@@ -13479,11 +13434,8 @@ msgstr "<option>-E</option>,<option>--everything</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:47
-#, fuzzy
-#| msgid "Invalidate all cached entries except for sudo rules."
 msgid "Invalidate all cached entries."
 msgstr ""
-"annulliert alle zwischengespeicherten Einträge mit Ausnahme von Sudo-Regeln."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:53
@@ -13649,44 +13601,27 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:186
-#, fuzzy
-#| msgid ""
-#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
-#| "replaceable>"
 msgid ""
 "<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
 "replaceable>"
 msgstr ""
-"<option>-g</option>,<option>--group</option> <replaceable>Gruppe</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:191
-#, fuzzy
-#| msgid "Invalidate all cached entries except for sudo rules."
 msgid "Invalidate particular sudo rule."
 msgstr ""
-"annulliert alle zwischengespeicherten Einträge mit Ausnahme von Sudo-Regeln."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:197
-#, fuzzy
-#| msgid "<option>-R</option>,<option>--no-remove</option>"
 msgid "<option>-R</option>,<option>--sudo-rules</option>"
-msgstr "<option>-R</option>,<option>--no-remove</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:201
-#, fuzzy
-#| msgid ""
-#| "Invalidate all user records. This option overrides invalidation of "
-#| "specific user if it was also set."
 msgid ""
 "Invalidate all cached sudo rules. This option overrides invalidation of "
 "specific sudo rule if it was also set."
 msgstr ""
-"annulliert alle Benutzerdatensätze. Diese Option setzt das Annullieren "
-"bestimmter Benutzer außer Kraft, falls es ebenfalls gesetzt war."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:209
@@ -13709,7 +13644,9 @@ msgstr "sss_debuglevel"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+#, fuzzy
+#| msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr "ändert die Debug-Stufe, während SSSD ausgeführt wird."
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -13726,18 +13663,10 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
-"<command>sss_debuglevel</command> ändert die Debug-Stufe des SSSD-"
-"Überwachungsmonitors und Anbieters auf <replaceable>NEUE_DEBUG_STUFE</"
-"replaceable> während SSSD ausgeführt wird."
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
-msgstr "<replaceable>NEUE_DEBUG_STUFE</replaceable>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_seed.8.xml:10 sss_seed.8.xml:15
@@ -14206,7 +14135,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr "SIEHE AUCH"
 
@@ -14262,15 +14191,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_ssh_authorizedkeys.1.xml:41
-#, fuzzy
-#| msgid ""
-#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-#| "manvolnum></citerefentry> can be configured to use "
-#| "<command>sss_ssh_authorizedkeys</command> for public key user "
-#| "authentication if it is compiled with support for either "
-#| "<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
-#| "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-#| "manvolnum></citerefentry> options."
 msgid ""
 "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
 "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
@@ -14279,13 +14199,6 @@ msgid ""
 "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
 "manvolnum></citerefentry> man page for more details about this option."
 msgstr ""
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> kann so konfiguriert werden, dass es "
-"<command>sss_ssh_authorizedkeys</command> zur Authentifizierung mit "
-"öffentlichen Schlüsseln benutzt, falls es entweder mit Unterstützung für die "
-"Optionen »AuthorizedKeysCommand« oder »PubkeyAgent« der <citerefentry> "
-"<refentrytitle>sshd_config</refentrytitle> <manvolnum>5</manvolnum></"
-"citerefentry> kompiliert wurde."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sss_ssh_authorizedkeys.1.xml:59
@@ -14351,15 +14264,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_ssh_knownhostsproxy.1.xml:33
-#, fuzzy
-#| msgid ""
-#| "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys "
-#| "for host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
-#| "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> "
-#| "section of <citerefentry><refentrytitle>sshd</refentrytitle> "
-#| "<manvolnum>8</manvolnum></citerefentry> for more information)  <filename>/"
-#| "var/lib/sss/pubconf/known_hosts</filename> and estabilishes connection to "
-#| "the host."
 msgid ""
 "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
 "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
@@ -14368,13 +14272,6 @@ msgid ""
 "manvolnum></citerefentry> for more information)  <filename>/var/lib/sss/"
 "pubconf/known_hosts</filename> and establishes the connection to the host."
 msgstr ""
-"<command>sss_ssh_knownhostsproxy</command> beschafft öffentliche SSH-"
-"Schlüssel für den Rechner <replaceable>RECHNER</replaceable> und speichert "
-"sie in einer benutzerdefinierten OpenSSH-»known_hosts«-Datei (weitere "
-"Informationen finden Sie im Abschnitt »SSH_KNOWN_HOSTS-DATEIFORMAT« von "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry>) <filename>/var/lib/sss/pubconf/known_hosts</filename> und "
-"stellt eine Verbindung zum Rechner her."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_ssh_knownhostsproxy.1.xml:43
@@ -14438,14 +14335,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: idmap_sss.8.xml:10 idmap_sss.8.xml:15
-#, fuzzy
-#| msgid "pam_sss"
 msgid "idmap_sss"
-msgstr "pam_sss"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -14457,10 +14352,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "SUDO OPTIONS"
 msgid "IDMAP OPTIONS"
-msgstr "SUDO-OPTIONEN"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: idmap_sss.8.xml:33
@@ -14474,13 +14367,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-#, fuzzy
-#| msgid "EXAMPLE"
-msgid "EXAMPLES"
-msgstr "BEISPIEL"
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
@@ -14512,19 +14398,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sssctl.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>Optionen</"
-"replaceable> </arg> <arg choice='plain'><replaceable>ANMELDUNG</"
-"replaceable></arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssctl.8.xml:32
@@ -14546,28 +14424,16 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-files.5.xml:10 sssd-files.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-files"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-files.5.xml:17
-#, fuzzy
-#| msgid "SSSD Kerberos provider"
 msgid "SSSD files provider"
-msgstr "SSSD Kerberos-Anbieter"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the AD provider for "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
 msgid ""
 "This manual page describes the files provider for <citerefentry> "
 "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -14575,23 +14441,9 @@ msgid ""
 "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"Diese Handbuchseite beschreibt die Konfiguration des AD-Anbieters für "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt "
-"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:36
-#, fuzzy
-#| msgid ""
-#| "These options can be used to configure the sudo service.  The detailed "
-#| "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry> are in the manual page <citerefentry> "
-#| "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry>."
 msgid ""
 "The files provider mirrors the content of the <citerefentry> "
 "<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -14602,22 +14454,9 @@ msgid ""
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>."
 msgstr ""
-"Diese Optionen können zur Konfiguration des Sudo-Dienstes verwendet werden. "
-"Detaillierte Informationen zur Konfiguration von <citerefentry> "
-"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
-"zur Verwendung mit <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> finden Sie in der Handbuchseite zu "
-"<citerefentry> <refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
-#, fuzzy
-#| msgid ""
-#| "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page for details on the configuration of an SSSD "
-#| "domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "The files provider has no specific options of its own, however, generic SSSD "
 "domain options can be set where applicable.  Refer to the section "
@@ -14625,25 +14464,13 @@ msgid ""
 "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
 "for details on the configuration of an SSSD domain."
 msgstr ""
-"Einzelheiten über die Konfiguration einer SSSD-Domain finden Sie im "
-"Abschnitt »DOMAIN-ABSCHNITTE« der Handbuchseite <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:73
-#, fuzzy
-#| msgid ""
-#| "The following example assumes that SSSD is correctly configured and LDAP "
-#| "is set to one of the domains in the <replaceable>[domains]</replaceable> "
-#| "section."
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
-"Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert ist und "
-"LDAP auf eine der Domains im Abschnitt <replaceable>[domains]</replaceable> "
-"gesetzt ist."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-files.5.xml:79
@@ -14655,28 +14482,16 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-secrets.5.xml:10 sssd-secrets.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-secrets"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-secrets.5.xml:17
-#, fuzzy
-#| msgid "SSSD InfoPipe responder"
 msgid "SSSD Secrets responder"
-msgstr "SSSD InfoPipe-Responder"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the InfoPipe responder "
-#| "for <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
 msgid ""
 "This manual page describes the configuration of the Secrets responder for "
 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
@@ -14684,12 +14499,6 @@ msgid ""
 "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"Diese Handbuchseite beschreibt die Konfiguration des InfoPipe-Responders für "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>. Eine detaillierte Syntaxreferenz finden Sie im Abschnitt "
-"<quote>DATEIFORMAT</quote> in der Handbuchseite zu <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:36
@@ -14723,20 +14532,61 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+#, fuzzy
+#| msgid ""
+#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
+#| "permissions on a newly created home directory."
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+"wird von <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> benutzt, um die "
+"Standardzugriffsrechte für ein neu erstelltes Home-Verzeichnis anzugeben."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -14746,7 +14596,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -14761,12 +14611,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
-#, fuzzy
-#| msgid ""
-#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page for more details."
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -14774,24 +14619,28 @@ msgid ""
 "manvolnum> </citerefentry> manual page for a complete list. In addition, "
 "there are some secrets-specific options as well."
 msgstr ""
-"Weitere Einzelheiten finden Sie in der Handbuchseite <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> beim Parameter »dns_discovery_domain«."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
-#, fuzzy
-#| msgid "id_provider (string)"
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
-msgstr "id_provider (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -14799,161 +14648,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
-#, fuzzy
-#| msgid "Default: ldap"
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
-msgstr "Voreinstellung: ldap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
-#, fuzzy
-#| msgid "ldap_group_nesting_level (integer)"
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
-msgstr "ldap_group_nesting_level (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
-msgstr "Voreinstellung: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
-#, fuzzy
-#| msgid "timeout (integer)"
+#: sssd-secrets.5.xml:204
 msgid "max_secrets (integer)"
-msgstr "timeout (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-#, fuzzy
-#| msgid "Default: 10"
-msgid "Default: 1024"
-msgstr "Voreinstellung: 10"
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:216
 #, fuzzy
-#| msgid "ldap_page_size (integer)"
+#| msgid "pam_id_timeout (integer)"
+msgid "max_uid_secrets (integer)"
+msgstr "pam_id_timeout (Ganzzahl)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
-msgstr "ldap_page_size (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-#, fuzzy
-#| msgid "Default: 1"
-msgid "Default: 16"
-msgstr "Voreinstellung: 1"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
-#, fuzzy
-#| msgid "proxy_lib_name (string)"
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
-msgstr "proxy_lib_name (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
-#, fuzzy
-#| msgid "ldap[s]://&lt;host&gt;[:port]"
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
-msgstr "ldap[s]://&lt;Rechner&gt;[:Port]"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
-#, fuzzy
-#| msgid "auth_provider (string)"
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
-msgstr "auth_provider (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -14961,14 +14841,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
-#, fuzzy
-#| msgid "ldap_user_name (string)"
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
-msgstr "ldap_user_name (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -14976,95 +14854,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
-#, fuzzy
-#| msgid "ldap_autofs_entry_value (string)"
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
-msgstr "ldap_autofs_entry_value (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
-#, fuzzy
-#| msgid "Example:"
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
-msgstr "Beispiel:"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
-#, fuzzy
-#| msgid "override_homedir (string)"
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
-msgstr "override_homedir (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
-#, fuzzy
-#| msgid "try_inotify (boolean)"
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
-msgstr "try_inotify (Boolesch)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
-#, fuzzy
-#| msgid "try_inotify (boolean)"
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
-msgstr "try_inotify (Boolesch)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
-#, fuzzy
-#| msgid "ldap_sasl_authid (string)"
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
-msgstr "ldap_sasl_authid (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
-#, fuzzy
-#| msgid "ldap_tls_cacert (string)"
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
-msgstr "ldap_tls_cacert (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -15072,14 +14936,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
-#, fuzzy
-#| msgid "ldap_tls_cert (string)"
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
-msgstr "ldap_tls_cert (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -15087,26 +14949,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
-msgstr "skel_dir (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
-#, fuzzy
-#| msgid "Specifies the file that contains the client's key."
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
-msgstr "gibt die Datei an, die den Schlüssel des Clients enthält."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -15121,19 +14979,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -15143,19 +15001,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -15165,7 +15023,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -15175,21 +15033,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
-#, fuzzy
-#| msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
-msgstr "Beispiel: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -15198,14 +15054,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -15216,7 +15072,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -15227,7 +15083,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -15236,12 +15092,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -15249,7 +15105,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -15259,20 +15115,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"Die folgenden Erweiterungen werden unterstützt: <placeholder type="
-"\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -15280,28 +15130,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
-#, fuzzy
-#| msgid "delete a user account"
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
-msgstr "löscht ein Benutzerkonto"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -15311,25 +15159,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 msgstr ""
-"Die folgenden Erweiterungen werden unterstützt: <placeholder type="
-"\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -15337,7 +15179,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -15367,7 +15209,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -15377,14 +15219,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -15395,7 +15237,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -15410,18 +15252,98 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+#, fuzzy
+#| msgid "Configuring sudo to cooperate with SSSD"
+msgid "Configuring session recording with SSSD"
+msgstr "Sudo so konfigurieren, dass es mit SSSD zusammenarbeitet"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of the simple access-control "
+#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
+#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
+#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> manual page."
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+"Diese Handbuchseite beschreibt die Konfiguration des einfachen "
+"Zugriffssteuerungsanbieters für <citerefentry> <refentrytitle>sssd</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. Eine ausführliche "
+"Syntax-Referenz finden Sie im Abschnitt »DATEIFORMAT« der Handbuchseite "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
 #, fuzzy
-#| msgid "sssd-krb5"
+#| msgid "These options can be used to configure the PAC responder."
+msgid "These options can be used to configure the session recording."
+msgstr ""
+"Diese Optionen können zur Konfiguration des PAC-Responders verwendet werden."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
 msgid "sssd-kcm"
-msgstr "sssd-krb5"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-kcm.8.xml:17
-#, fuzzy
-#| msgid "SSSD Kerberos provider"
 msgid "SSSD Kerberos Cache Manager"
-msgstr "SSSD Kerberos-Anbieter"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:23
@@ -15474,21 +15396,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-kcm.8.xml:61
-#, fuzzy
-#| msgid ""
-#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> for more information on configuring Kerberos."
 msgid ""
 "the SSSD implementation stores the ccaches in the SSSD <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </"
 "citerefentry> secrets store, allowing the ccaches to survive KCM server "
 "restarts or machine reboots."
 msgstr ""
-"»krb5« für Kerberos-Authentifizierung. Weitere Informationen über die "
-"Konfiguration von Kerberos finden Sie unter <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:69
@@ -15514,13 +15427,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:78
-#, fuzzy
-#| msgid ""
-#| "If the auth-module krb5 is used in an SSSD domain, the following options "
-#| "must be used. See the <citerefentry> <refentrytitle>sssd.conf</"
-#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, "
-#| "section <quote>DOMAIN SECTIONS</quote>, for details on the configuration "
-#| "of an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "In order to use KCM credential cache, it must be selected as the default "
 "credential type in <citerefentry> <refentrytitle>krb5.conf</"
@@ -15528,22 +15434,9 @@ msgid ""
 "cache name must be only <quote>KCM:</quote> without any template "
 "expansions.  For example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"Falls das Authentifizierungsmodul Krb5 in einer SSSD-Domain benutzt wird, "
-"müssen die folgenden Optionen verwendet werden. Einzelheiten über die "
-"Konfiguration einer SSSD-Domain finden Sie im Abschnitt »DOMAIN-ABSCHNITTE« "
-"der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:91
-#, fuzzy
-#| msgid ""
-#| "Specifies if the SSSD should instruct the Kerberos libraries what realm "
-#| "and which KDCs to use. This option is on by default, if you disable it, "
-#| "you need to configure the Kerberos library using the <citerefentry> "
-#| "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> configuration file."
 msgid ""
 "Next, make sure the Kerberos client libraries and the KCM server must agree "
 "on the UNIX socket path. By default, both use the same path <replaceable>/"
@@ -15552,12 +15445,6 @@ msgid ""
 "the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry> manual page."
 msgstr ""
-"gibt an, ob SSSD die Kerberos-Bibliotheken anweisen soll, welcher Realm und "
-"welche Schlüsselverwaltungszentralen (KDCs) benutzt werden sollen. Diese "
-"Option ist standardmäßig eingeschaltet. Falls Sie sie ausschalten, müssen "
-"Sie die Kerberos-Bibliothek mittels der Konfigurationsdatei "
-"<citerefentry><refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> einrichten."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-kcm.8.xml:113
@@ -15565,7 +15452,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -15582,12 +15468,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -15598,15 +15493,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the simple access-control "
-#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
-#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page."
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -15617,20 +15504,9 @@ msgid ""
 "<quote>FILE FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd."
 "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"Diese Handbuchseite beschreibt die Konfiguration des einfachen "
-"Zugriffssteuerungsanbieters für <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. Eine ausführliche "
-"Syntax-Referenz finden Sie im Abschnitt »DATEIFORMAT« der Handbuchseite "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
-#, fuzzy
-#| msgid ""
-#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page for more details."
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -15638,46 +15514,426 @@ msgid ""
 "manvolnum> </citerefentry> manual page for a complete list. In addition, "
 "there are some KCM-specific options as well."
 msgstr ""
-"Weitere Einzelheiten finden Sie in der Handbuchseite <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> beim Parameter »dns_discovery_domain«."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
-msgstr "skel_dir (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
-#, fuzzy
-#| msgid ""
-#| "This manual page describes how to configure <citerefentry> "
-#| "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </"
-#| "citerefentry> to work with <citerefentry> <refentrytitle>sssd</"
-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> and how SSSD "
-#| "caches sudo rules."
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
-"Diese Handbuchseite beschreibt, wie <citerefentry> <refentrytitle>sudo</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> konfiguriert wird, "
-"damit es zusammen mit <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> funktioniert und wie SSSD Sudo-"
-"Regeln zwischenspeichert."
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+#, fuzzy
+#| msgid "sssd-simple"
+msgid "sssd-systemtap"
+msgstr "sssd-simple"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+#, fuzzy
+#| msgid ""
+#| "The detailed instructions for configuration of sudo_provider are in the "
+#| "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry>."
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+"Detaillierte Anweisungen zur Konfiguration von sudo_provider finden Sie in "
+"der Handbuchseite zu <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+#, fuzzy
+#| msgid "realm name"
+msgid "probe $name"
+msgstr "Realm-Name"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, fuzzy, no-wrap
+#| msgid ""
+#| "fallback_homedir = /home/%u\n"
+#| "                            "
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+"fallback_homedir = /home/%u\n"
+"                            "
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
 
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
@@ -15765,16 +16021,10 @@ msgstr ""
 
 #. type: Content of: <refentryinfo>
 #: include/upstream.xml:2
-#, fuzzy
-#| msgid ""
-#| "<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-#| "fedorahosted.org/sssd</orgname>"
 msgid ""
 "<productname>SSSD</productname> <orgname>The SSSD upstream - https://pagure."
 "io/SSSD/sssd/</orgname>"
 msgstr ""
-"<productname>SSSD</productname> <orgname>Die SSSD-Originalautoren – http://"
-"fedorahosted.org/sssd</orgname>"
 
 #. type: Content of: outside any tag (error?)
 #: include/upstream.xml:1
@@ -15883,6 +16133,83 @@ msgstr ""
 "Ganzes in den Offline-Modus und versucht dann alle 30 Sekunden, sich erneut "
 "zu verbinden."
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_op_timeout"
+msgstr "dns_resolver_timeout (Ganzzahl)"
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_timeout"
+msgstr "dns_resolver_timeout (Ganzzahl)"
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+#, fuzzy
+#| msgid ""
+#| "All of the common configuration options that apply to SSSD domains also "
+#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
+#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
+#| "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+"Alle häufigen Konfigurationsoptionen, die für SSSD-Domains gelten, gelten "
+"auch für LDAP-Domains. Umfassende Einzelheiten finden Sie im Abschnitt "
+"»DOMAIN-ABSCHNITTE« der Handbuchseite <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -16065,20 +16392,11 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/ldap_id_mapping.xml:111
-#, fuzzy
-#| msgid ""
-#| "The default configuration results in configuring 10,000 slices, each "
-#| "capable of holding up to 200,000 IDs, starting from 10,001 and going up "
-#| "to 2,000,100,000. This should be sufficient for most deployments."
 msgid ""
 "The default configuration results in configuring 10,000 slices, each capable "
 "of holding up to 200,000 IDs, starting from 200,000 and going up to "
 "2,000,200,000. This should be sufficient for most deployments."
 msgstr ""
-"Die Standardkonfiguration führt dazu, dass 10.000 Slices konfiguriert "
-"werden, von denen jeder in der Lage ist, 200.000 IDs zu beinhalten, "
-"beginnend bei 10.001 und endend bei 2.000.100.000. Dies sollte für die "
-"meisten Bereitstellungen ausreichen."
 
 #. type: Content of: <refsect1><refsect2><refsect3><title>
 #: include/ldap_id_mapping.xml:117
@@ -16183,20 +16501,12 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
 #: include/ldap_id_mapping.xml:179
-#, fuzzy
-#| msgid ""
-#| "For example, if your most recently-added Active Directory user has "
-#| "objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-#| "<quote>ldap_idmap_range_size</quote> must be at least 1107."
 msgid ""
 "For example, if your most recently-added Active Directory user has "
 "objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
 "<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
 "equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
 msgstr ""
-"Wenn beispielsweise der zuletzt hinzugefügte Active-Directory-Benutzer "
-"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107 hat, muss "
-"<quote>ldap_idmap_range_size</quote> mindestens 1107 sein."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
 #: include/ldap_id_mapping.xml:186
@@ -16276,10 +16586,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
 #: include/ldap_id_mapping.xml:249
-#, fuzzy
-#| msgid "ldap_idmap_range_size (integer)"
 msgid "ldap_idmap_helper_table_size (integer)"
-msgstr "ldap_idmap_range_size (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
 #: include/ldap_id_mapping.xml:252
@@ -16456,19 +16764,11 @@ msgstr ""
 
 #. type: Content of: <listitem><para>
 #: include/debug_levels.xml:38 include/debug_levels_tools.xml:19
-#, fuzzy
-#| msgid ""
-#| "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. "
-#| "An error that doesn't kill the SSSD, but one that indicates that at least "
-#| "one major feature is not going to work properly."
 msgid ""
 "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
 "error that doesn't kill SSSD, but one that indicates that at least one major "
 "feature is not going to work properly."
 msgstr ""
-"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Kritische Fehler. Dies "
-"sind Fehler, die SSSD nicht gewaltsam beenden, aber mindestens eine "
-"Hauptfunktion nicht sauber arbeitet."
 
 #. type: Content of: <listitem><para>
 #: include/debug_levels.xml:45 include/debug_levels_tools.xml:26
@@ -16583,16 +16883,10 @@ msgstr "<emphasis>Voreinstellung</emphasis>: 0"
 
 #. type: Content of: outside any tag (error?)
 #: include/experimental.xml:1
-#, fuzzy
-#| msgid ""
-#| "<emphasis> This is an experimental feature, please use http://"
-#| "fedorahosted.org/sssd to report any issues.  </emphasis>"
 msgid ""
 "<emphasis> This is an experimental feature, please use https://pagure.io/"
 "SSSD/sssd/ to report any issues.  </emphasis>"
 msgstr ""
-"<emphasis> Dies ist eine experimentelle Funktionalität. Fehler können Sie "
-"auf http://fedorahosted.org/sssd melden.</emphasis>"
 
 #. type: Content of: <refsect1><title>
 #: include/local.xml:2
@@ -16645,34 +16939,37 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
 
 #. type: Content of: <listitem><para>
@@ -16860,10 +17157,8 @@ msgstr "Voreinstellung: /home"
 
 #. type: Content of: <refsect1><title>
 #: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2
-#, fuzzy
-#| msgid "GENERAL OPTIONS"
 msgid "MODIFIED DEFAULT OPTIONS"
-msgstr "ALLGEMEINE OPTIONEN"
+msgstr ""
 
 #. type: Content of: <refsect1><para>
 #: include/ad_modified_defaults.xml:4
@@ -16875,80 +17170,58 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9
-#, fuzzy
-#| msgid "SSSD IPA provider"
 msgid "KRB5 Provider"
-msgstr "SSSD IPA-Anbieter"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13
-#, fuzzy
-#| msgid "krb5_validate (boolean)"
 msgid "krb5_validate = true"
-msgstr "krb5_validate (Boolesch)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:18
-#, fuzzy
-#| msgid "krb5_use_enterprise_principal (boolean)"
 msgid "krb5_use_enterprise_principal = true"
-msgstr "krb5_use_enterprise_principal (Boolesch)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ad_modified_defaults.xml:24
-#, fuzzy
-#| msgid "SSSD LDAP provider"
 msgid "LDAP Provider"
-msgstr "SSSD LDAP-Anbieter"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:28
-#, fuzzy
-#| msgid "ldap_schema (string)"
 msgid "ldap_schema = ad"
-msgstr "ldap_schema (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38
-#, fuzzy
-#| msgid "ldap_force_upper_case_realm (boolean)"
 msgid "ldap_force_upper_case_realm = true"
-msgstr "ldap_force_upper_case_realm (Boolesch)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:38
-#, fuzzy
-#| msgid "ldap_id_mapping (boolean)"
 msgid "ldap_id_mapping = true"
-msgstr "ldap_id_mapping (Boolesch)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:43
-#, fuzzy
-#| msgid "ldap_sasl_mech (string)"
 msgid "ldap_sasl_mech = gssapi"
-msgstr "ldap_sasl_mech (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:48
-#, fuzzy
-#| msgid "ldap_referrals (boolean)"
 msgid "ldap_referrals = false"
-msgstr "ldap_referrals (Boolesch)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:53
-#, fuzzy
-#| msgid "ldap_account_expire_policy (string)"
 msgid "ldap_account_expire_policy = ad"
-msgstr "ldap_account_expire_policy (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58
-#, fuzzy
-#| msgid "ldap_use_tokengroups"
 msgid "ldap_use_tokengroups = true"
-msgstr "ldap_use_tokengroups"
+msgstr ""
 
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
@@ -16960,17 +17233,13 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:18
-#, fuzzy
-#| msgid "krb5_use_fast (string)"
 msgid "krb5_use_fast = try"
-msgstr "krb5_use_fast (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:23
-#, fuzzy
-#| msgid "krb5_canonicalize (boolean)"
 msgid "krb5_canonicalize = true"
-msgstr "krb5_canonicalize (Boolesch)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ipa_modified_defaults.xml:29
@@ -16979,31 +17248,23 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:33
-#, fuzzy
-#| msgid "ldap_schema (string)"
 msgid "ldap_schema = ipa_v1"
-msgstr "ldap_schema (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:43
-#, fuzzy
-#| msgid "ldap_sasl_mech (string)"
 msgid "ldap_sasl_mech = GSSAPI"
-msgstr "ldap_sasl_mech (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:48
-#, fuzzy
-#| msgid "ldap_sasl_minssf (integer)"
 msgid "ldap_sasl_minssf = 56"
-msgstr "ldap_sasl_minssf (Ganzzahl)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:53
-#, fuzzy
-#| msgid "ldap_account_expire_policy (string)"
 msgid "ldap_account_expire_policy = ipa"
-msgstr "ldap_account_expire_policy (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ipa_modified_defaults.xml:64
@@ -17012,10 +17273,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:68
-#, fuzzy
-#| msgid "ldap_user_member_of (string)"
 msgid "ldap_user_member_of = memberOf"
-msgstr "ldap_user_member_of (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:73
@@ -17024,169 +17283,57 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:78
-#, fuzzy
-#| msgid "ldap_user_ssh_public_key (string)"
 msgid "ldap_user_ssh_public_key = ipaSshPubKey"
-msgstr "ldap_user_ssh_public_key (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:83
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr ""
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
-#, fuzzy
-#| msgid "ldap_group_object_class (string)"
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
-msgstr "ldap_group_object_class (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
-#, fuzzy
-#| msgid "ldap_group_object_class (string)"
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
-msgstr "ldap_group_object_class (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
-#, fuzzy
-#| msgid "ldap_group_member (string)"
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
-msgstr "ldap_group_member (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
-#, fuzzy
-#| msgid "ldap_group_objectsid (string)"
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
-msgstr "ldap_group_objectsid (Zeichenkette)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
 
 #~ msgid ""
-#~ "Comma separated list of services that are started when sssd itself starts."
-#~ msgstr ""
-#~ "Durch Kommata getrennte Liste der Dienste, die beim Start von SSSD selbst "
-#~ "gestartet werden."
-
-#~ msgid "force_timeout (integer)"
-#~ msgstr "force_timeout (Ganzzahl)"
-
-#~ msgid ""
-#~ "If a service is not responding to ping checks (see the <quote>timeout</"
-#~ "quote> option), it is first sent the SIGTERM signal that instructs it to "
-#~ "quit gracefully.  If the service does not terminate after "
-#~ "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it "
-#~ "down by sending a SIGKILL signal."
-#~ msgstr ""
-#~ "Falls ein Dienst nicht auf Ping-Prüfungen antwortet (siehe die Option "
-#~ "»timeout«), wird ihm zuerst das Signal SIGTERM gesendet, das ihn anweist "
-#~ "anstandslos zu enden. Falls der Dienst sich nicht nach »force_timeout« "
-#~ "Sekunden beendet, wird der Monitor sein Beenden durch Senden des Signals "
-#~ "SIGKILL erzwingen."
-
-#~ msgid "Default: uid"
-#~ msgstr "Voreinstellung: uid"
-
-#~ msgid ""
-#~ "Please note that the default values correspond to the default schema "
-#~ "which is RFC2307."
-#~ msgstr ""
-#~ "Bitte beachten Sie, dass die Standardwerte dem Standardschema RFC2307 "
-#~ "entsprechen. "
-
-#~ msgid "Default: automountMap"
-#~ msgstr "Voreinstellung: automountMap"
-
-#~ msgid "Default: ou"
-#~ msgstr "Voreinstellung: ou"
-
-#~ msgid "Default: automountInformation"
-#~ msgstr "Voreinstellung: automountInformation"
-
-#~ msgid ""
-#~ "Verify with the help of krb5_keytab that the TGT obtained has not been "
-#~ "spoofed."
-#~ msgstr ""
-#~ "prüft mit Hilfe von »krb5_keytab«, ob das erhaltene TGT keine Täuschung "
-#~ "ist."
-
-#~ msgid ""
-#~ "Note that this default differs from the traditional Kerberos provider "
-#~ "back end."
-#~ msgstr ""
-#~ "Beachten Sie, dass sich diese Voreinstellung vom traditionellen Backend "
-#~ "des Kerberos-Anbieters unterscheidet."
-
-#~ msgid ""
-#~ "Specifies if the host and user principal should be canonicalized when "
-#~ "connecting to IPA LDAP and also for AS requests. This feature is "
-#~ "available with MIT Kerberos >= 1.7"
+#~ "<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+#~ "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+#~ "running."
 #~ msgstr ""
-#~ "gibt an, ob der Rechner und User Principal beim Verbinden mit IPA-LDAP "
-#~ "und bei AS-Abfragen in die kanonische Form gebracht werden sollen. Diese "
-#~ "Funktionalität ist mit Kerberos >= 1.7 verfügbar."
+#~ "<command>sss_debuglevel</command> ändert die Debug-Stufe des SSSD-"
+#~ "Überwachungsmonitors und Anbieters auf <replaceable>NEUE_DEBUG_STUFE</"
+#~ "replaceable> während SSSD ausgeführt wird."
 
-#~ msgid "<emphasis>never</emphasis> use FAST."
-#~ msgstr "FAST wird <emphasis>nie</emphasis> verwendet."
-
-#~ msgid ""
-#~ "<emphasis>try</emphasis> to use FAST. If the server does not support "
-#~ "FAST, continue the authentication without it. This is equivalent to not "
-#~ "setting this option at all."
-#~ msgstr ""
-#~ "Es wird <emphasis>versucht</emphasis>, FAST zu verwenden. Sollte der "
-#~ "Server FAST nicht unterstützen, wird die Authentifizierung ohne FAST "
-#~ "fortgesetzt. Dies ist gleichbedeutend damit, dass diese Option überhaupt "
-#~ "nicht gesetzt wurde."
-
-#~ msgid "Default: try"
-#~ msgstr "Voreinstellung: try"
-
-#~ msgid "This option should only be set by the IPA installer."
-#~ msgstr "Diese Option sollte nur vom IPA-Installer gesetzt werden."
-
-#~ msgid ""
-#~ "The option denotes that the SSSD is running on IPA server and should "
-#~ "perform lookups of users and groups from trusted domains differently."
-#~ msgstr ""
-#~ "Die Option zeigt an, dass SSSD auf einem IPA-Server läuft und dass das "
-#~ "Nachschlagen von Benutzern und Gruppen von vertrauenswürdigen Domains "
-#~ "anders durchgeführt werden sollte."
-
-#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-
-#~ msgid ""
-#~ "If <quote>PubkeyAgent</quote> is supported, "
-#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-#~ "manvolnum></citerefentry> can be configured to use it by using the "
-#~ "following directive for <citerefentry> <refentrytitle>sshd</"
-#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
-#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
-#~ msgstr ""
-#~ "Falls »PubkeyAgent« unterstützt wird, kann "
-#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-#~ "manvolnum></citerefentry> durch Setzen der folgenden Richtlinie in "
-#~ "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-#~ "manvolnum></citerefentry> zu seiner Verwendung konfiguriert werden: "
-#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
+#~ msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+#~ msgstr "<replaceable>NEUE_DEBUG_STUFE</replaceable>"
diff --git a/src/man/po/es.po b/src/man/po/es.po
index 6a0d761f2..54d531d08 100644
--- a/src/man/po/es.po
+++ b/src/man/po/es.po
@@ -13,9 +13,9 @@
 # Daniel Cabrera <logan@fedoraproject.org>, 2011
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
 "PO-Revision-Date: 2014-12-14 11:54-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Spanish (http://www.transifex.com/projects/p/sssd/language/"
@@ -37,7 +37,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr "Páginas de manual de SSSD"
 
@@ -82,7 +83,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr "DESCRIPCION"
 
@@ -99,8 +101,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "OPCIONES"
 
@@ -151,7 +153,8 @@ msgstr "sssd.conf"
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
 msgstr "5"
 
@@ -159,7 +162,8 @@ msgstr "5"
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr "Formatos de archivo y convenciones"
 
@@ -300,10 +304,8 @@ msgstr "debug_level (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:112
-#, fuzzy
-#| msgid "debug_level (integer)"
 msgid "debug (integer)"
-msgstr "debug_level (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:115
@@ -327,11 +329,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Predeterminado: true"
 
@@ -348,17 +350,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr "Predeterminado: false"
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
 
@@ -374,21 +378,15 @@ msgstr "timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:162
-#, fuzzy
-#| msgid ""
-#| "Timeout in seconds between heartbeats for this service. This is used to "
-#| "ensure that the process is alive and capable of answering requests."
 msgid ""
 "Timeout in seconds between heartbeats for this service. This is used to "
 "ensure that the process is alive and capable of answering requests. Note "
 "that after three missed heartbeats the process will terminate itself."
 msgstr ""
-"Tiempo de espera en segundos entre latidos para este servicio. Esto se usa "
-"para asegurar que el proceso está vivo y capaz de responder peticiones."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "Predeterminado: 10"
 
@@ -403,7 +401,7 @@ msgid "The [sssd] section"
 msgstr "La sección [sssd]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr "Parámetros de sección"
 
@@ -453,12 +451,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr "reconnection_retries (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
@@ -467,7 +465,7 @@ msgstr ""
 "de datos del  proveedor, o de reiniciarse antes de abandonar"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr "Predeterminado: 3"
 
@@ -487,7 +485,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr "re_expression (cadena)"
 
@@ -502,27 +500,19 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:267
-#, fuzzy
-#| msgid ""
-#| "Each domain can have an individual regular expression configured. For "
-#| "some ID providers there are also default regular expressions.  See DOMAIN "
-#| "SECTIONS for more info on these regular expressions."
 msgid ""
 "Each domain can have an individual regular expression configured. For some "
 "ID providers there are also default regular expressions. See DOMAIN SECTIONS "
 "for more info on these regular expressions."
 msgstr ""
-"Cada dominio puede tener una expresión regular individual configurada. Para "
-"algunos proveedores de ID hay también expresiones regulares por defecto. Vea "
-"DOMAIN SECTIONS para más información sobre estas expresiones regulares."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr "full_name_format (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -530,39 +520,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -713,11 +703,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr "Predeterminado: no definido"
@@ -753,10 +743,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:448
-#, fuzzy
-#| msgid "re_expression (string)"
 msgid "certificate_verification (string)"
-msgstr "re_expression (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:456
@@ -817,10 +805,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:497
-#, fuzzy
-#| msgid "These options can be used to configure the PAC responder."
 msgid "This option must be used together with ocsp_default_responder."
-msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:451
@@ -837,17 +823,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:507
-#, fuzzy
-#| msgid "Default: not set, i.e. service discovery is disabled"
 msgid "Default: not set, i.e. do not restrict certificate verification"
-msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:513
-#, fuzzy
-#| msgid "ldap_disable_paging (boolean)"
 msgid "disable_netlink (boolean)"
-msgstr "ldap_disable_paging (booleano)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:516
@@ -870,10 +852,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:531
-#, fuzzy
-#| msgid "ldap_id_mapping (boolean)"
 msgid "enable_files_domain (boolean)"
-msgstr "ldap_id_mapping (booleano)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:534
@@ -898,8 +878,24 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr ""
@@ -922,12 +918,12 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr "SECCIONES DE SERVICIOS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -940,22 +936,22 @@ msgstr ""
 "<quote>[nss]</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr "Opciones de configuración de servicios generales"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr "Estas opciones pueden usarse para configurar cualquier servicio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -970,22 +966,17 @@ msgstr ""
 "valor más bajo de este o de limite “hard” en limits.conf."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr "Por defecto: 8192 (o limite “hard” en limits.conf)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
-#, fuzzy
-#| msgid ""
-#| "This option specifies the number of seconds that a client of an SSSD "
-#| "process can hold onto a file descriptor without communicating on it. This "
-#| "value is limited in order to avoid resource exhaustion on the system."
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -993,24 +984,20 @@ msgid ""
 "can't be shorter than 10 seconds. If a lower value is configured, it will be "
 "adjusted to 10 seconds."
 msgstr ""
-"Esta opción especifica el número de segundos que un cliente de un proceso "
-"SSSD puede retener un desciptor de fichero sin comunicarlo. Este valor está "
-"limitado con el objetivo de evitar un agotamiento de los recursos del "
-"sistema."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr "Predeterminado: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -1018,24 +1005,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -1043,14 +1030,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
-#, fuzzy
-#| msgid "client_idle_timeout"
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
-msgstr "client_idle_timeout"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1062,30 +1047,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr "Predeterminado: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr "Opciones de configuración de NSS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1093,12 +1078,12 @@ msgstr ""
 "Switch (NSS)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1107,17 +1092,17 @@ msgstr ""
 "sobre todos los usuarios)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr "Predeterminado: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1128,7 +1113,7 @@ msgstr ""
 "valor de entry_cache_timeout para el dominio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1144,7 +1129,7 @@ msgstr ""
 "actualización del cache."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1157,17 +1142,17 @@ msgstr ""
 "segundos. (0 deshabilita esta función)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr "Predeterminado: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1178,63 +1163,43 @@ msgstr ""
 "entradas no existentes) antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr "Predeterminado: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
-#, fuzzy
-#| msgid "autofs_negative_timeout (integer)"
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
-msgstr "autofs_negative_timeout (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
-#, fuzzy
-#| msgid ""
-#| "Specifies for how many seconds nss_sss should cache negative cache hits "
-#| "(that is, queries for invalid database entries, like nonexistent ones)  "
-#| "before asking the back end again."
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
-"Especifica por cuantos segundos nss_sss escondería golpes negativos al cache "
-"(esto es, consultas para entradas no válidas a la base de datos, como "
-"entradas no existentes) antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Predeterminado: 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
-#, fuzzy
-#| msgid ""
-#| "Exclude certain users from being fetched from the sss NSS database. This "
-#| "is particularly useful for system accounts. This option can also be set "
-#| "per-domain or include fully-qualified names to filter only users from the "
-#| "particular domain."
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
 "also be set per-domain or include fully-qualified names to filter only users "
 "from the particular domain."
 msgstr ""
-"Excluye ciertos usuarios de ser exagerados por la base de datos sss NSS. "
-"Esto es particularmente útil para cuentas de sistema. Esta opción puede ser "
-"también fijada por dominio o incluir nombres totalmente cualificados para "
-"filtrar sólo usuario de un dominio concreto."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1243,17 +1208,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr "Predeterminado: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1261,12 +1226,12 @@ msgstr ""
 "opción a false."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1275,7 +1240,7 @@ msgstr ""
 "especificado una explícitamente por el proveedor de datos del dominio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1283,7 +1248,7 @@ msgstr ""
 "override_homedir."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1293,24 +1258,24 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 "Por defecto: no fijado (sin sustitución para los directorios home no fijados)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr "override_shell (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1318,17 +1283,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr "Por defecto: no fijado (SSSD usará el valor recuperado desde LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1336,12 +1301,12 @@ msgstr ""
 "evaluación es:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr "1. Si el shell está presente en <quote>/etc/shells</quote>, se usa."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1350,7 +1315,7 @@ msgstr ""
 "shells</quote>, usa el valor del parámetro shell_fallback."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1359,12 +1324,12 @@ msgstr ""
 "shells</quote>, se usará un shell de no acceso."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1372,12 +1337,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr "Una cadena vacía para el shell se pasa como-es a libc."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1387,27 +1352,27 @@ msgstr ""
 "una nueva shell."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr "Por defecto: No fijado. La shell del usuario se usa automáticamente."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr "Reemplaza cualquier instancia de estos shells con shell_fallback"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1415,24 +1380,24 @@ msgstr ""
 "máquina."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr "Predeterminado: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
@@ -1442,12 +1407,12 @@ msgstr ""
 "normalmente /bin/sh)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
@@ -1456,37 +1421,31 @@ msgstr ""
 "considerada válida."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr "memcache_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
-#, fuzzy
-#| msgid ""
-#| "Specifies time in seconds for which records in the in-memory cache will "
-#| "be valid"
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
-"Especifica el tiempo en segundos durante el cual los archivos en el "
-"escondrijo en memoria serán válidos."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1497,50 +1456,48 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
-msgstr "skel_dir (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr "Esta opción puede ser también fijada por dominio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr "Opciones de configuración PAM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -1549,12 +1506,12 @@ msgstr ""
 "Authentication Module (PAM)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -1563,17 +1520,17 @@ msgstr ""
 "los accesos escondidos (en días desde el último login en línea con éxito)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr "Predeterminado: 0 (Sin límite)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -1582,12 +1539,12 @@ msgstr ""
 "login fallados están permitidos."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -1597,7 +1554,7 @@ msgstr ""
 "intento de login sea posible."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1608,17 +1565,17 @@ msgstr ""
 "éxito puede habilitar otra vez la autenticación fuera de línea."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr "Predeterminado: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -1627,115 +1584,107 @@ msgstr ""
 "autenticación. Cuanto mayor sea el número de mensajes más aparecen."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr "Actualmente sssd soporta los siguientes valores:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: no mostrar ningún mensaje"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: mostrar sólo mensajes importantes"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: mostrar mensajes informativos"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis>: mostrar todos los mensajes e información de "
 "depuración"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Predeterminado: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
-#, fuzzy
-#| msgid "pam_verbosity (integer)"
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
-msgstr "pam_verbosity (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
-#, fuzzy
-#| msgid ""
-#| "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
-#| "\"0\"/>"
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
-"Opciones válidas para dominios proxy.  <placeholder type=\"variablelist\" id="
-"\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1747,7 +1696,7 @@ msgstr ""
 "información más actual."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1761,17 +1710,17 @@ msgstr ""
 "proveedor de identidad."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr "Mostrar una advertencia N días antes que la contraseña caduque."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1782,7 +1731,7 @@ msgstr ""
 "información desaparece, sssd no podrá mostrar un aviso."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
@@ -1792,7 +1741,7 @@ msgstr ""
 "automáticamente."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
@@ -1801,17 +1750,12 @@ msgstr ""
 "<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
-#, fuzzy
-#| msgid ""
-#| "Specifies the comma-separated list of UID values or user names that are "
-#| "allowed to access the PAC responder. User names are resolved to UIDs at "
-#| "startup."
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1819,78 +1763,76 @@ msgid ""
 "<quote>pam_public_domains</quote>.  User names are resolved to UIDs at "
 "startup."
 msgstr ""
-"Especifica la lista separada por comas de los valores UID o nombres de "
-"usuario que tiene el acceso permitido al respondedor PAC."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr "Predeterminado: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1898,21 +1840,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
-#, fuzzy
-#| msgid "ldap_ns_account_lock (string)"
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
-msgstr "ldap_ns_account_lock (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1920,14 +1860,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
-#, fuzzy
-#| msgid "enumerate (bool)"
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
-msgstr "enumerar (bool)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1935,64 +1873,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr "Por defecto: False"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
-#, fuzzy
-#| msgid "ipa_hbac_search_base (string)"
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
-msgstr "ipa_hbac_search_base (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
-msgstr "pam_id_timeout (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
-#, fuzzy
-#| msgid "ldap_service_name (string)"
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
-msgstr "ldap_service_name (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr "SUDO opciones de configuración"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2003,12 +1935,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -2016,23 +1948,40 @@ msgstr ""
 "Si se evalúan o no los atributos sudoNotBefore y sudoNotAfter que implementa "
 "entradas de sudoers dependientes del tiempo."
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+#, fuzzy
+#| msgid "ldap_deref_threshold (integer)"
+msgid "sudo_threshold (integer)"
+msgstr "ldap_deref_threshold (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr "Opciones de configuración AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr "Estas opciones pueden ser usadas para configurar el servicio autofs."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2043,22 +1992,22 @@ msgstr ""
 "existentes) antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr "Opciones de configuración SSH"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr "Estas opciones se pueden usar para configurar el servicio SSH."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
@@ -2067,12 +2016,12 @@ msgstr ""
 "known_host. "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
@@ -2081,47 +2030,34 @@ msgstr ""
 "después de que se hayan pedido sus claves de host."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr "Por defecto: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
-#, fuzzy
-#| msgid "mail_dir (string)"
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
-msgstr "mail_dir (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
-#, fuzzy
-#| msgid "Default: /etc/krb5.keytab"
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
-msgstr "Predeterminado: /etc/krb5.keytab"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr "Opciones de configuración del respondedor PAC"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
-#, fuzzy
-#| msgid ""
-#| "The PAC responder works together with the authorization data plugin for "
-#| "MIT Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin "
-#| "sends the PAC data during a GSSAPI authentication to the PAC responder. "
-#| "The sub-domain provider collects domain SID and ID ranges of the domain "
-#| "the client is joined to and of remote trusted domains from the local "
-#| "domain controller.  If the PAC is decoded and evaluated some of the "
-#| "following operations are done:"
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2130,16 +2066,9 @@ msgid ""
 "joined to and of remote trusted domains from the local domain controller. If "
 "the PAC is decoded and evaluated some of the following operations are done:"
 msgstr ""
-"El respondedor PAC trabaja junto el plugin de datos de autorización para MIT "
-"Kerberos sssd_pac_plugin.so y un proveedor de subdominio. El plugin envía el "
-"dato PAC durante una autenticación GSSAPI al respondedor PAC. El proveedor "
-"de subdominio recoge los rangos SID e ID del dominio a los que se une el "
-"cliente y de los dominio remotos de confianza desde el controlador de "
-"dominio local. Si el PAC es descodificado y evaluado se hacen alguna de las "
-"siguientes operaciones:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2150,24 +2079,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2177,14 +2106,14 @@ msgstr ""
 "usuario que tiene el acceso permitido al respondedor PAC."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 "Por defecto: 0 (sólo el usuario root tiene permitido el acceso al "
 "respondedor PAC)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2197,33 +2126,184 @@ msgstr ""
 "lista de UIDs permitidas también."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
-msgstr "pam_id_timeout (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+#, fuzzy
+#| msgid "PAC responder configuration options"
+msgid "Session recording configuration options"
+msgstr "Opciones de configuración del respondedor PAC"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of the AD provider for "
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
+#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page."
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+"Esta página de manual describe la configuración del proveedor AD para "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. Para una referencia detallada de sintaxis, vea la sección "
+"<quote>FILE FORMAT</quote> de la página de manual <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure session recording."
+msgstr "Estas opciones pueden usarse para configurar cualquier servicio."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+#, fuzzy
+#| msgid "sudo_provider (string)"
+msgid "scope (string)"
+msgstr "sudo_provider (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+#, fuzzy
+#| msgid ""
+#| "Append this user to groups specified by the <replaceable>GROUPS</"
+#| "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter "
+#| "is a comma separated list of group names."
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+"Añade este usuario a los grupos especificados por el parámetro "
+"<replaceable>GROUPS</replaceable>. El parámetro <replaceable>GROUPS</"
+"replaceable> es una lista separada por comas de nombres de grupo."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+#, fuzzy
+#| msgid ""
+#| "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
+#| "\"0\"/>"
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+"Opciones válidas para dominios proxy.  <placeholder type=\"variablelist\" id="
+"\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+#, fuzzy
+#| msgid "Default: none"
+msgid "Default: \"none\""
+msgstr "Predeterminado: none"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+#, fuzzy
+#| msgid "skel_dir (string)"
+msgid "users (string)"
+msgstr "skel_dir (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+#, fuzzy
+#| msgid "Default: empty, i.e. ldap_uri is used."
+msgid "Default: Empty. Matches no users."
+msgstr "Por defecto: vacio, esto es ldap_uri se está usando."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+#, fuzzy
+#| msgid "ldap_group_name (string)"
+msgid "groups (string)"
+msgstr "ldap_group_name (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr "SECCIONES DE DOMINIO"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
-#, fuzzy
-#| msgid "ad_domain (string)"
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
-msgstr "ad_domain (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2232,57 +2312,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
-#, fuzzy
-#| msgid ""
-#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page for more details."
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
 "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>) and the PAM responder."
 msgstr ""
-"Por favor vea el parámetro <quote>dns_discovery_domain</quote> en la página "
-"de manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> para más detalles."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
-#, fuzzy
-#| msgid "Default: posixGroup"
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
-msgstr "Por defecto: posixGroup"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr "min_id, max_id (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -2291,7 +2361,7 @@ msgstr ""
 "está fuera de estos límites, ésta es ignorada."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2304,24 +2374,24 @@ msgstr ""
 "reportados como en espera."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Predeterminado: 1 para min_id, 0 (sin límite) para max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr "enumerar (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
@@ -2330,22 +2400,22 @@ msgstr ""
 "de los siguientes valores:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = Usuarios y grupos son enumerados"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = Sin enumeraciones para este dominio"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr "Predeterminado: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2365,7 +2435,7 @@ msgstr ""
 "las afiliaciones deben ser recalculadas."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -2375,7 +2445,7 @@ msgstr ""
 "completen."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2389,7 +2459,7 @@ msgstr ""
 "específico id_provider en uso."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
@@ -2398,32 +2468,32 @@ msgstr ""
 "especialmente en entornos grandes."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2432,12 +2502,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -2446,7 +2516,7 @@ msgstr ""
 "volver a consultar al backend"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2457,17 +2527,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr "Predeterminado: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -2476,19 +2546,19 @@ msgstr ""
 "antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr "Por defecto: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -2497,12 +2567,12 @@ msgstr ""
 "antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -2511,12 +2581,12 @@ msgstr ""
 "válidas antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -2525,12 +2595,12 @@ msgstr ""
 "antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
@@ -2539,12 +2609,12 @@ msgstr ""
 "preguntar al backend otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
@@ -2553,71 +2623,71 @@ msgstr ""
 "automontaje válidos antes de preguntar al punto final otra vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 "Determina si las credenciales del usuario están también escondidas en el "
 "cache LDB local"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 "Las credenciales de usuario son almacenadas en un hash SHA512, no en texto "
 "plano"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2625,24 +2695,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2655,17 +2725,17 @@ msgstr ""
 "grande o igual que offline_credentials_expiration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr "Predeterminado: 0 (ilimitado)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2678,17 +2748,17 @@ msgstr ""
 "configurar un proveedor de autorización para el backend."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "Por defecto: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr "id_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -2696,17 +2766,17 @@ msgstr ""
 "soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr "<quote>proxy</quote>: Soporta un proveedor NSS legado"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr "<quote>local</quote>: Proveedor interno SSSD para usuarios locales"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2717,8 +2787,8 @@ msgstr ""
 "información sobre la configuración de LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2731,8 +2801,8 @@ msgstr ""
 "configuración de FreeIPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2744,12 +2814,12 @@ msgstr ""
 "Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -2759,7 +2829,7 @@ msgstr ""
 "NSS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2773,7 +2843,7 @@ msgstr ""
 "command> lo haría."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2781,22 +2851,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr "No devuelve miembros de grupo para búsquedas de grupo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2808,7 +2878,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2816,12 +2886,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr "auth_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -2830,7 +2900,7 @@ msgstr ""
 "autenticación soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2841,7 +2911,7 @@ msgstr ""
 "citerefentry> para más información sobre la configuración LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2852,7 +2922,7 @@ msgstr ""
 "citerefentry> para más información sobre la configuración de Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
@@ -2860,12 +2930,12 @@ msgstr ""
 "objetivo PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> deshabilita la autenticación explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -2874,12 +2944,12 @@ msgstr ""
 "manejar las peticiones de autenticación."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr "access_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2890,7 +2960,7 @@ msgstr ""
 "proveedores especiales internos son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -2899,12 +2969,12 @@ msgstr ""
 "sólo permitido para un dominio local."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> siempre niega el acceso."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2917,44 +2987,30 @@ msgstr ""
 "configuración del módulo de acceso sencillo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
-#, fuzzy
-#| msgid ""
-#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> for more information on configuring Kerberos."
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
 "citerefentry> for more information on configuring Kerberos."
 msgstr ""
-"<quote>krb5</quote> para autenticación Kerberos. Vea <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> para más información sobre la configuración de Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
-#, fuzzy
-#| msgid ""
-#| "<quote>proxy</quote> for relaying password changes to some other PAM "
-#| "target."
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
-"<quote>proxy</quote> para la reinstalación de cambios de password en algunos "
-"otros objetivos PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr "Predeterminado: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -2963,24 +3019,15 @@ msgstr ""
 "el dominio. Los proveedores de cambio de passweord soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
-#, fuzzy
-#| msgid ""
-#| "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring LDAP."
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> for more information on configuring LDAP."
 msgstr ""
-"<quote>ldap</quote> para cambiar una contraseña almacenada en un servidor "
-"LDAP.  Vea <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> para más información sobre "
-"configurar LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2991,7 +3038,7 @@ msgstr ""
 "citerefentry> para más información sobre configurar Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
@@ -2999,13 +3046,13 @@ msgstr ""
 "otros objetivos PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 "<quote>none</quote> deniega explícitamente los cambios en la contraseña."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -3014,18 +3061,18 @@ msgstr ""
 "puede manejar las peticiones de cambio de password."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "El proveedor SUDO usado por el dominio. Los proveedores SUDO soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3036,33 +3083,33 @@ msgstr ""
 "citerefentry> para más información sobre la configuración LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "<quote>none</quote>deshabilita SUDO explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 "Por defecto: el valor de <quote>id_provider</quote> se usa si está fijado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3073,12 +3120,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3089,7 +3136,7 @@ msgstr ""
 "finalice. Los proveedores selinux soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3101,14 +3148,14 @@ msgstr ""
 "IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 "<quote>none</quote> deshabilita ir a buscar los ajustes selinux "
 "explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
@@ -3117,12 +3164,12 @@ msgstr ""
 "manejar las peticiones de carga selinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
@@ -3132,7 +3179,7 @@ msgstr ""
 "soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3144,7 +3191,7 @@ msgstr ""
 "configuración de IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3153,18 +3200,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 "<quote>none</quote> deshabilita el buscador de subdominios explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+#, fuzzy
+#| msgid "selinux_provider (string)"
+msgid "session_provider (string)"
+msgstr "selinux_provider (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+#, fuzzy
+#| msgid ""
+#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
+#| "selinux loading requests."
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+"Por defecto: <quote>id_provider</quote> se usa si está fijado y puede "
+"manejar las peticiones de carga selinux."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -3172,7 +3258,7 @@ msgstr ""
 "son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3184,7 +3270,7 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3196,34 +3282,25 @@ msgstr ""
 "IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
-#, fuzzy
-#| msgid ""
-#| "<quote>ipa</quote> to load maps stored in an IPA server. See "
-#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring IPA."
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> for more information on configuring the AD provider."
 msgstr ""
-"<quote>ipa</quote> para cargar mapas almacenados en un servidor IPA. Vea "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> para más información sobre la configuración de "
-"IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "<quote>none</quote> deshabilita autofs explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -3232,7 +3309,7 @@ msgstr ""
 "proveedores de hostid soportados son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3244,12 +3321,12 @@ msgstr ""
 "configuración de IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "<quote>none</quote> deshabilita hostid explícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3259,7 +3336,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3272,22 +3349,22 @@ msgstr ""
 "nombres de usuario:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr "nombre de usuario"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr "username@domain.name"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr "dominio/nombre_de_usuario"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
@@ -3297,7 +3374,7 @@ msgstr ""
 "dominios Windows."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3308,7 +3385,7 @@ msgstr ""
 "el nombre, el dominio es el resto detrás de este signo\""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3320,7 +3397,7 @@ msgstr ""
 "subplantillas sin nombre único."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
@@ -3329,17 +3406,17 @@ msgstr ""
 "soportan la sintaxis Python  (?P&lt;name&gt;) para identificar subpatrones."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Predeterminado: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -3348,64 +3425,77 @@ msgstr ""
 "a usar cuando se lleven a cabo búsquedas DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr "Valores soportados:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr "ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr "ipv4_only: Sólo intenta resolver nombres de host a direccones IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr "ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr "ipv6_only: Sólo intenta resolver nombres de host a direccones IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr "Predeterminado: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
+#, fuzzy
+#| msgid ""
+#| "Defines the amount of time (in seconds) to wait for a reply from the DNS "
+#| "resolver before assuming that it is unreachable. If this timeout is "
+#| "reached, the domain will continue to operate in offline mode."
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
 msgstr ""
 "Define la cantidad de tiempo (en segundos) para esperar una respuesta desde "
 "el DNS antes de asumir que es inalcanzable. Si se alcanza este tiempo de "
 "espera, el dominio continuará operativo en modo fuera de línea."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2643
+msgid ""
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "Predeterminado: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -3414,53 +3504,53 @@ msgstr ""
 "de dominio de la pregunta al descubridor de servicio DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 "Predeterminado: Utilizar la parte del dominio del nombre de host del equipo"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr "override_gid (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr "Anula el valor primario GID con el especificado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3468,7 +3558,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3476,17 +3566,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3494,34 +3584,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3529,34 +3619,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
-#, fuzzy
-#| msgid "This option is not available in IPA provider."
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
-msgstr "Esta opción no está disponible en el proveedor IPA."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3566,7 +3654,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
@@ -3574,30 +3662,28 @@ msgstr ""
 "emphasis>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "Por defecto: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
-#, fuzzy
-#| msgid "memcache_timeout (int)"
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
-msgstr "memcache_timeout (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3605,12 +3691,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3618,7 +3704,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3630,17 +3716,17 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr "El proxy de destino PAM próximo a."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
@@ -3649,12 +3735,12 @@ msgstr ""
 "pam existente o crear una nueva y añadir el nombre de servicio aquí."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3665,12 +3751,12 @@ msgstr ""
 "$(function), por ejemplo _nss_files_getpwent."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3684,14 +3770,12 @@ msgstr ""
 "razones de rendimiento."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
-#, fuzzy
-#| msgid "min_id,max_id (integer)"
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
-msgstr "min_id, max_id (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3699,7 +3783,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
@@ -3708,12 +3792,12 @@ msgstr ""
 "\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3730,7 +3814,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3738,21 +3822,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
-#, fuzzy
-#| msgid "Section parameters"
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
-msgstr "Parámetros de sección"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
-msgstr "full_name_format (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3761,18 +3841,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3792,12 +3871,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr "La sección de dominio local"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3808,29 +3887,29 @@ msgstr ""
 "utiliza <replaceable>id_provider=local</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr "default_shell (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 "El shell predeterminado para los usuarios creados con herramientas de "
 "espacio de usuario SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Predeterminado: <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr "base_directory (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
@@ -3840,17 +3919,17 @@ msgstr ""
 "de inicio."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr "Predeterminado: <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr "create_homedir (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
@@ -3859,17 +3938,17 @@ msgstr ""
 "Puede ser anulado desde la línea de comando."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr "Predeterminado: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
@@ -3878,12 +3957,12 @@ msgstr ""
 "borrados. Puede ser anulado desde la línea de comando."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3894,17 +3973,17 @@ msgstr ""
 "predeterminados en un directorio de inicio recién creado."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr "Predeterminado: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr "skel_dir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3917,17 +3996,17 @@ msgstr ""
 "<manvolnum>8</manvolnum></citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Predeterminado: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr "mail_dir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3938,17 +4017,17 @@ msgstr ""
 "Si no se especifica, se utiliza un valor por defecto."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Predeterminado: <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3959,102 +4038,85 @@ msgstr ""
 "único parámetro. El código de retorno del comando no es tenido en cuenta."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr "Predeterminado: None, no se ejecuta comando"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
-#, fuzzy
-#| msgid "DOMAIN SECTIONS"
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
-msgstr "SECCIONES DE DOMINIO"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
-#, fuzzy
-#| msgid "ldap_search_base (string)"
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
-msgstr "ldap_search_base (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
-#, fuzzy
-#| msgid "ldap_user_search_base (string)"
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
-msgstr "ldap_user_search_base (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
-#, fuzzy
-#| msgid "ldap_group_search_base (string)"
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
-msgstr "ldap_group_search_base (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
-#, fuzzy
-#| msgid "ldap_netgroup_search_base (string)"
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
-msgstr "ldap_netgroup_search_base (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
-#, fuzzy
-#| msgid "ldap_service_search_base (string)"
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
-msgstr "ldap_service_search_base (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
-#, fuzzy
-#| msgid "ad_server, ad_backup_server (string)"
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
-msgstr "ad_server, ad_backup_server (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
-#, fuzzy
-#| msgid "use_fully_qualified_names (bool)"
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
-msgstr "use_fully_qualified_names (bool)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
-msgstr "EJEMPLO"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4108,9 +4170,15 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
+#, fuzzy
+#| msgid ""
+#| "The following example shows a typical SSSD config. It does not describe "
+#| "configuration of the domains themselves - refer to documentation on "
+#| "configuring domains for more details.  <placeholder type=\"programlisting"
+#| "\" id=\"0\"/>"
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
@@ -4120,6 +4188,25 @@ msgstr ""
 "configuración de dominios para más detalles. <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -4172,7 +4259,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr "OPCIONES DE CONFIGURACIÓN"
 
@@ -4198,7 +4285,7 @@ msgstr ""
 "vea la sección <quote>DESCUBRIDOR DE SERVICIOS</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
 "El formato de la URI debe coincidir con el formato definido en RFC 2732:"
@@ -4521,16 +4608,14 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgstr "El atributo LDAP que corresponde al id del grupo primario del usuario."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr "Predeterminado: gidNumber"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:303
-#, fuzzy
-#| msgid "ldap_user_principal (string)"
 msgid "ldap_user_primary_group (string)"
-msgstr "ldap_user_principal (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:306
@@ -4604,7 +4689,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -4625,7 +4710,7 @@ msgstr ""
 "es normalmente sólo necesario para servidores ActiveDirectory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -4635,7 +4720,7 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr "ldap_user_modify_timestamp (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
@@ -4644,7 +4729,7 @@ msgstr ""
 "objeto primario."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr "Predeterminado: modifyTimestamp"
 
@@ -5094,8 +5179,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr "El atributo LDAP que corresponde al nombre completo del usuario."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr "Predeterminado: cn"
 
@@ -5192,112 +5277,159 @@ msgstr "Default: host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
-msgstr ""
+#, fuzzy
+#| msgid "ldap_user_authorized_host (string)"
+msgid "ldap_user_authorized_rhost (string)"
+msgstr "ldap_user_authorized_host (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
-msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+#, fuzzy
+#| msgid ""
+#| "If access_provider=ldap and ldap_access_order=host, SSSD will use the "
+#| "presence of the host attribute in the user's LDAP entry to determine "
+#| "access privilege."
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+"Si access_provider=ldap y ldap_access_order=host, SSSD utilizará la "
+"presencia del atributo host en la entrada LDAP del usuario para determinar "
+"el privilegio de acceso."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:843
+#, fuzzy
+#| msgid ""
+#| "An explicit deny (!host) is resolved first. Second, SSSD searches for "
+#| "explicit allow (host) and finally for allow_all (*)."
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
 msgstr ""
+"Una denegación explícita (¡host) se resuelve primero. Segundo, la búsqueda "
+"SSSD para permiso explícito (host) y finalmente permitir todo (*)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+#, fuzzy
+#| msgid "Default: host"
+msgid "Default: rhost"
+msgstr "Default: host"
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:868
 #, fuzzy
-#| msgid "ldap_user_shell (string)"
+#| msgid "Default: filter"
+msgid "Default: userCertificate;binary"
+msgstr "Predeterminado: filter"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
-msgstr "ldap_user_shell (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
-#, fuzzy
-#| msgid "The LDAP attribute that contains the names of the group's members."
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
-msgstr "El atributo LDAP que contiene los nombres de los miembros del grupo."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-#, fuzzy
-#| msgid "Default: false"
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
-msgstr "Predeterminado: false"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr "ldap_group_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr "La clase de objeto de una entrada de grupo LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr "Por defecto: posixGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr "ldap_group_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr "El atributo LDAP que corresponde al nombre de grupo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr "ldap_group_gid_number (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr "El atributo LDAP que corresponde al id del grupo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr "ldap_group_member (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr "El atributo LDAP que contiene los nombres de los miembros del grupo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr "Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr "ldap_group_objectsid (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
@@ -5306,24 +5438,24 @@ msgstr ""
 "normalmente sólo necesario para servidores ActiveDirectory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr "ldap_group_modify_timestamp (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -5331,36 +5463,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
-#, fuzzy
-#| msgid "ldap_group_member (string)"
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
-msgstr "ldap_group_member (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr "ldap_group_nesting_level (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -5372,7 +5502,7 @@ msgstr ""
 "esquema RFC2307."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -5382,7 +5512,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -5392,17 +5522,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr "Predeterminado: 2"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr "ldap_groups_use_matching_rule_in_chain"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -5413,7 +5543,7 @@ msgstr ""
 "despliegues con grupos complejos o profundamente anidados."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
@@ -5423,7 +5553,7 @@ msgstr ""
 "muy complejos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -5434,7 +5564,7 @@ msgstr ""
 "esencialmente “auto-detect”."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -5447,12 +5577,12 @@ msgstr ""
 "documentation</ulink> para más detalles."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr "ldap_initgroups_use_matching_rule_in_chain"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -5463,80 +5593,80 @@ msgstr ""
 "notable cuando se trata con grupos complejos o profundamente anidados)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr "ldap_netgroup_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr "La clase de objeto de una entrada netgroup en LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr "En proveedor IPA, ipa_netgroup_object_class, se usaría en su lugar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr "Predeterminado: nisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr "ldap_netgroup_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr "El atributo LDAP que corresponde al nombre del netgroup."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr "Un proveedor IPA, ipa_netgroup_name sería usado en su lugar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr "ldap_netgroup_member (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr ""
 "El atributo LDAP que contiene los nombres de los miembros de grupo de red."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr "Un proveedor IPA, ipa_netgroup_member sería usado en su lugar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr "Predeterminado: memberNisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr "ldap_netgroup_triple (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
@@ -5544,42 +5674,42 @@ msgstr ""
 "de red."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr "Esta opción no está disponible en el proveedor IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr "Predeterminado: nisNetgroupTriple"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr "ldap_netgroup_modify_timestamp (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr "ldap_service_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr "La clase objeto de una entrada de servicio en LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr "Por defecto: ipService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr "ldap_service_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
@@ -5587,49 +5717,49 @@ msgstr ""
 "El atributo LDAP que contiene el nombre de servicio de atributos y sus alias."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr "ldap_service_port (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr "El atributo LDAP que contiene el puerto manejado por este servicio."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr "Por defecto: ipServicePort"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr "ldap_service_proto (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr ""
 "El atributo LDAP que contiene los protocolos entendidos por este servicio."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr "Por defecto: ipServiceProtocol"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr "ldap_service_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr "ldap_search_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -5640,7 +5770,7 @@ msgstr ""
 "escondidos devueltos (y se entra en modo fuera de línea)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -5651,12 +5781,12 @@ msgstr ""
 "espera para tipos específicos de búsqueda."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr "ldap_enumeration_search_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -5668,12 +5798,12 @@ msgstr ""
 "fuera de línea)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr "ldap_network_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -5690,12 +5820,12 @@ msgstr ""
 "citerefentry> vuelve en caso de no actividad."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr "ldap_opt_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -5704,12 +5834,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr "ldap_connection_expire_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -5722,17 +5852,17 @@ msgstr ""
 "temprano (este valor contra el tiempo de vida TGT)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr "Predeterminado: 900 (15 minutos)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr "ldap_page_size (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
@@ -5741,17 +5871,17 @@ msgstr ""
 "Algunos servidores LDAP hacen cumplir un límite máximo por petición."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr "Predeterminado: 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr "ldap_disable_paging (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -5762,7 +5892,7 @@ msgstr ""
 "RootDSE pero no está habilitado o no se comporta apropiadamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
@@ -5772,7 +5902,7 @@ msgstr ""
 "pero es incapaz de usarlo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -5783,17 +5913,17 @@ msgstr ""
 "puede ocasionar que algunas peticiones sean denegadas."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5803,12 +5933,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr "ldap_sasl_minssf (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -5819,19 +5949,19 @@ msgstr ""
 "de esta opción son definidos por OpenLDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 "Por defecto: Usa el sistema por defecto (normalmente especificado por ldap."
 "conf)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr "ldap_deref_threshold (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5842,7 +5972,7 @@ msgstr ""
 "deference. Si hay menos miembros desaparecidos, se buscarán individualmente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
@@ -5850,7 +5980,7 @@ msgstr ""
 "a 0."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -5863,7 +5993,7 @@ msgstr ""
 "soportados son 389/RHDS, OpenLDAP y Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -5874,12 +6004,12 @@ msgstr ""
 "será deshabilitado sin tener en cuenta este ajuste."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr "ldap_tls_reqcert (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
@@ -5889,7 +6019,7 @@ msgstr ""
 "los siguientes valores:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
@@ -5898,7 +6028,7 @@ msgstr ""
 "certificado de servidor."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5909,7 +6039,7 @@ msgstr ""
 "certificado malo, será ignorado y la sesión continua normalmente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5920,7 +6050,7 @@ msgstr ""
 "certificado malo, la sesión se termina inmediatamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -5931,22 +6061,22 @@ msgstr ""
 "termina inmediatamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr "Predeterminado: hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr "ldap_tls_cacert (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
@@ -5955,7 +6085,7 @@ msgstr ""
 "de Certificación que <command>sssd</command> reconocerá."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
@@ -5964,12 +6094,12 @@ msgstr ""
 "etc/openldap/ldap.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr "ldap_tls_cacertdir (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -5983,33 +6113,33 @@ msgstr ""
 "para crear los nombres correctos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr "ldap_tls_cert (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 "Especifica el fichero que contiene el certificado para la clave del cliente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr "ldap_tls_key (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr "Especifica el archivo que contiene la clave del cliente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr "ldap_tls_cipher_suite (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6017,12 +6147,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr "ldap_id_use_start_tls (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
@@ -6031,12 +6161,12 @@ msgstr ""
 "<systemitem class=\"protocol\">tls</systemitem> para proteger el canal."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr "ldap_id_mapping (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6047,20 +6177,18 @@ msgstr ""
 "ldap_user_uid_number y ldap_group_gid_number."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 "Actualmente está función soporta sólo mapeos de objectSID de ActiveDirectory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
-#, fuzzy
-#| msgid "min_id,max_id (integer)"
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
-msgstr "min_id, max_id (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6071,17 +6199,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr "ldap_sasl_mech (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
@@ -6090,12 +6218,12 @@ msgstr ""
 "probado y soportado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr "ldap_sasl_authid (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -6108,17 +6236,17 @@ msgstr ""
 "myhost@EXAMPLE.COM) o sólo en nombre principal (por ejemplo host/myhost)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr "Por defecto: host/nombre_de_host@REALM"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr "ldap_sasl_realm (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6129,17 +6257,17 @@ msgstr ""
 "reino también, esta opción se ignora."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr "Por defecto: el valor de krb5_realm."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr "ldap_sasl_canonicalize (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
@@ -6148,34 +6276,34 @@ msgstr ""
 "para para canocalizar el nombre de host durante una unión SASL."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr "Predeterminado: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr "ldap_krb5_keytab (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr "Especifica la keytab a usar cuando se utilice SASL/GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 "Por defecto: Keytab del sistema, normalmente <filename>/etc/krb5.keytab</"
 "filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr "ldap_krb5_init_creds (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -6186,27 +6314,27 @@ msgstr ""
 "es GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr "ldap_krb5_ticket_lifetime (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr "Especifica el tiempo de vida en segundos del TGT si se usa GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr "Predeterminado: 86400 (24 horas)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr "krb5_server, krb5_backup_server (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -6225,7 +6353,7 @@ msgstr ""
 "información, vea la sección <quote>SERVICE DISCOVERY</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -6236,7 +6364,7 @@ msgstr ""
 "regresa a _tcp si no se encuentra nada."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -6248,29 +6376,29 @@ msgstr ""
 "configuración para usar <quote>krb5_server</quote> en su lugar."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr "krb5_realm (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr "Especifica el REALM Kerberos (para autorización SASL/GSSAPI)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 "Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</"
 "filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr "krb5_canonicalize (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -6279,12 +6407,12 @@ msgstr ""
 "servidor LDAP. Esta función está disponible con MIT Kerberos >= 1.7"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6294,7 +6422,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -6302,12 +6430,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr "ldap_pwd_policy (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
@@ -6316,7 +6444,7 @@ msgstr ""
 "del cliente. Los siguientes valores son permitidos:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
@@ -6325,7 +6453,7 @@ msgstr ""
 "no puede deshabilitar las políticas de password en el lado servidor."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -6336,7 +6464,7 @@ msgstr ""
 "manvolnum></citerefentry> para evaluar si la contraseña ha expirado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6348,26 +6476,26 @@ msgstr ""
 "password."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr "ldap_referrals (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 "Especifica si el seguimiento de referencias automático debería ser "
 "habilitado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
@@ -6376,7 +6504,7 @@ msgstr ""
 "está compilado con OpenLDAP versión 2.4.13 o más alta."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6389,29 +6517,29 @@ msgstr ""
 "esta opción a false le llevará a una notable mejora de rendimiento."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr "ldap_dns_service_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 "Especifica el nombre del servicio para utilizar cuando está habilitado el "
 "servicio de descubrimiento."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr "Predeterminado: ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr "ldap_chpass_dns_service_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
@@ -6421,17 +6549,17 @@ msgstr ""
 "descubrimiento."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr "ldap_chpass_update_last_change (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
@@ -6440,12 +6568,12 @@ msgstr ""
 "desde el Epoch después de una operación de cambio de contraseña."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr "ldap_access_filter (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6461,12 +6589,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr "Ejemplo:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6475,43 +6603,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
-#, fuzzy
-#| msgid ""
-#| "Offline caching for this feature is limited to determining whether the "
-#| "user's last online login was granted access permission. If they were "
-#| "granted access during their last login, they will continue to be granted "
-#| "access while offline and vice-versa."
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
 "access during their last login, they will continue to be granted access "
 "while offline and vice versa."
 msgstr ""
-"El escondrijo fuera de línea para esta característica está limitado a "
-"determinar si el último login en línea del usuario alcanzó permiso de "
-"acceso. Si les fue concedido acceso durante su último login, continuará "
-"obteniendo acceso mientras esté fuera de línea y viceversa."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr "Predeterminado: vacío"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr "ldap_account_expire_policy (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
@@ -6520,7 +6638,7 @@ msgstr ""
 "control de acceso del lado cliente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6531,12 +6649,12 @@ msgstr ""
 "una código de error definible aunque el password sea correcto."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr "Los siguientes valores están permitidos:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
@@ -6545,7 +6663,7 @@ msgstr ""
 "determinar si la cuenta ha expirado."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6558,7 +6676,7 @@ msgstr ""
 "se comprueba el tiempo de expiración de la cuenta."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6569,7 +6687,7 @@ msgstr ""
 "el acceso o no."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6582,7 +6700,7 @@ msgstr ""
 "permitido. Si ambos atributos están desaparecidos se concede el acceso."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -6590,24 +6708,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr "ldap_access_order (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 "Lista separada por coma de opciones de control de acceso.  Los valores "
 "permitidos son:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6617,14 +6735,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6637,12 +6755,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6652,7 +6770,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -6662,20 +6780,20 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
@@ -6684,18 +6802,36 @@ msgstr ""
 "autorizedService para determinar el acceso"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 "<emphasis>host</emphasis>: usa el atributo host para determinar el acceso"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+#, fuzzy
+#| msgid ""
+#| "<emphasis>host</emphasis>: use the host attribute to determine access"
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+"<emphasis>host</emphasis>: usa el atributo host para determinar el acceso"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr "Predeterminado: filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
@@ -6704,12 +6840,12 @@ msgstr ""
 "una vez."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -6718,22 +6854,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr "ldap_deref (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
@@ -6742,13 +6878,13 @@ msgstr ""
 "lleva a cabo una búsqueda. Están permitidas las siguientes opciones:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 "<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
@@ -6758,7 +6894,7 @@ msgstr ""
 "búsqueda."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
@@ -6767,7 +6903,7 @@ msgstr ""
 "cuando se localice el objeto base de la búsqueda."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
@@ -6776,7 +6912,7 @@ msgstr ""
 "para la búsqueda como en la localización del objeto base de la búsqueda."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
@@ -6785,12 +6921,12 @@ msgstr ""
 "librerías cliente LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr "ldap_rfc2307_fallback_to_local_users (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
@@ -6799,7 +6935,7 @@ msgstr ""
 "servidores que usan el esquema RFC2307."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -6817,7 +6953,7 @@ msgstr ""
 "llamadas getpw*() o initgroups()."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -6828,26 +6964,26 @@ msgstr ""
 "initgroups() aumentará los usuarios locales con los grupos LDAP adicionales."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
 #, fuzzy
 #| msgid "ldap_opt_timeout (integer)"
-msgid "wildcart_limit (integer)"
+msgid "wildcard_limit (integer)"
 msgstr "ldap_opt_timeout (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -6867,12 +7003,12 @@ msgstr ""
 "completos. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr "OPCIONES SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -6880,52 +7016,52 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr "ldap_sudorule_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr "El objeto clase de una regla de entrada sudo en LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr "Por defecto: sudoRole"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr "ldap_sudorule_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr "El atributo LDAP que corresponde a la regla nombre de sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr "ldap_sudorule_command (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr "El atributo LDAP que corresponde al nombre de comando."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr "Por defecto: sudoCommand"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr "ldap_sudorule_host (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
@@ -6934,17 +7070,17 @@ msgstr ""
 "red IP del host o grupo de red del host)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr "Por defecto: sudoHost"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr "ldap_sudorule_user (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
@@ -6953,32 +7089,32 @@ msgstr ""
 "grupo o grupo de red del usuario)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr "Por defecto: sudoUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr "ldap_sudorule_option (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr "El atributo LDAP que corresponde a las opciones sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr "Por defecto: sudoOption"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr "ldap_sudorule_runasuser (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
@@ -6987,17 +7123,17 @@ msgstr ""
 "pueden ejecutar como."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr "Por defectot: sudoRunAsUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr "ldap_sudorule_runasgroup (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
@@ -7006,17 +7142,17 @@ msgstr ""
 "ejecutar comandos como."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr "Por defecto: sudoRunAsGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr "ldap_sudorule_notbefore (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
@@ -7025,17 +7161,17 @@ msgstr ""
 "regla sudo es válida."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr "Por defecto: sudoNotBefore"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr "ldap_sudorule_notafter (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
@@ -7044,32 +7180,32 @@ msgstr ""
 "la regla sudo dejará de ser válida."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr "Por defecto: sudoNotAfter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr "ldap_sudorule_order (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr "El atributo LDAP que corresponde al índice de ordenación de la regla."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr "Por defecto: sudoOrder"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr "ldap_sudo_full_refresh_interval (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
@@ -7079,7 +7215,7 @@ msgstr ""
 "servidor)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
@@ -7088,17 +7224,17 @@ msgstr ""
 "emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr "Por defecto: 21600 (6 horas)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr "ldap_sudo_smart_refresh_interval (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -7109,7 +7245,7 @@ msgstr ""
 "USBN más alto que el USN más alto de las reglas escondidas)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
@@ -7118,12 +7254,12 @@ msgstr ""
 "atributo modifyTimestamp."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr "ldap_sudo_use_host_filter (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -7132,12 +7268,12 @@ msgstr ""
 "máquina (usando las direcciones de host/red y nombres de host IPv4 o IPv6)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr "ldap_sudo_hostnames (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
@@ -7146,7 +7282,7 @@ msgstr ""
 "totalmente cualificados que sería usada para filtrar las reglas."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
@@ -7155,8 +7291,8 @@ msgstr ""
 "nombre de dominio totalmente cualificado automáticamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
@@ -7165,17 +7301,17 @@ msgstr ""
 "emphasis> esta opción no tiene efecto."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr "Por defecto: no especificado"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr "ldap_sudo_ip (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
@@ -7184,7 +7320,7 @@ msgstr ""
 "usada para filtrar las reglas."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
@@ -7193,12 +7329,12 @@ msgstr ""
 "automáticamente."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr "sudo_include_netgroups (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
@@ -7207,12 +7343,12 @@ msgstr ""
 "atributo sudoHost."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr "ldap_sudo_include_regexp (booleano)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
@@ -7221,7 +7357,7 @@ msgstr ""
 "atributo sudoHost."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7234,93 +7370,87 @@ msgstr ""
 "manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr "OPCIONES AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr "ldap_autofs_map_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr "El objeto clase de una entrada de mapa de automontaje en LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr "ldap_autofs_map_name (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr "El nombre de una entrada de mapa de automontaje en LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr "ldap_autofs_entry_object_class (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
-#, fuzzy
-#| msgid ""
-#| "The key of an automount entry in LDAP. The entry usually corresponds to a "
-#| "mount point."
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
-"La clave de una entrada de automontaje en LDAP. La entrada corresponde "
-"normalmente a un punto de montaje."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr "ldap_autofs_entry_key (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
@@ -7329,24 +7459,24 @@ msgstr ""
 "normalmente a un punto de montaje."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr "ldap_autofs_entry_value (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -7355,56 +7485,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr "OPCIONES AVANZADAS"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr "ldap_netgroup_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr "ldap_user_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr "ldap_group_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr "ldap_sudo_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr "ldap_autofs_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7412,8 +7542,15 @@ msgid ""
 "\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr "EJEMPLO"
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7424,7 +7561,7 @@ msgstr ""
 "replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7437,26 +7574,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7472,13 +7610,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "NOTAS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7654,10 +7792,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:166
-#, fuzzy
-#| msgid "<option>forward_pass</option>"
 msgid "<option>allow_missing_name</option>"
-msgstr "<option>forward_pass</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:170
@@ -7687,10 +7823,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:190
-#, fuzzy
-#| msgid "<option>retry=N</option>"
 msgid "<option>prompt_always</option>"
-msgstr "<option>retry=N</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:194
@@ -7828,17 +7962,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd_krb5_locator_plugin.8.xml:73
-#, fuzzy
-#| msgid ""
-#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-#| "debug messages will be sent to stderr."
 msgid ""
 "If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value "
 "the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the "
 "caller."
 msgstr ""
-"Si la variable de entorno SSSD_KRB5_LOCATOR_DEBUR está fijada a cualquier "
-"valor los mensajes de depuración se enviarán a stderr."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-simple.5.xml:10 sssd-simple.5.xml:16
@@ -8074,9 +8202,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -8160,7 +8288,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -8513,18 +8641,14 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:66
-#, fuzzy
-#| msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:336
-#, fuzzy
-#| msgid "ID MAPPING"
 msgid "MAPPING RULE"
-msgstr "ASIGNACIÓN DE ID"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:338
@@ -8541,7 +8665,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -8561,8 +8685,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -8656,7 +8780,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -8674,8 +8798,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -8694,9 +8818,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -8709,7 +8833,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -8729,7 +8853,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -8845,7 +8969,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -8853,10 +8977,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:590
-#, fuzzy
-#| msgid "DOMAIN SECTIONS"
 msgid "DOMAIN LIST"
-msgstr "SECCIONES DE DOMINIO"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:592
@@ -8908,14 +9030,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:43
-#, fuzzy
-#| msgid ""
-#| "The IPA provider accepts the same options used by the <citerefentry> "
-#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> identity provider and the <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> authentication provider with some exceptions described "
-#| "below."
 msgid ""
 "The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
@@ -8925,11 +9039,6 @@ msgid ""
 "options used by the sssd-ldap and sssd-krb5 providers with some exceptions. "
 "However, it is neither necessary nor recommended to set these options."
 msgstr ""
-"El proveedor IPA acepta las mismas opciones usadas por el proveedor de "
-"identidad <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> y el proveedor de autenticación "
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> con algunas excepciones descritas abajo."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:57
@@ -8941,24 +9050,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:62
-#, fuzzy
-#| msgid ""
-#| "However, it is neither necessary nor recommended to set these options.  "
-#| "IPA provider can also be used as an access and chpass provider. As an "
-#| "access provider it uses HBAC (host-based access control) rules. Please "
-#| "refer to freeipa.org for more information about HBAC. No configuration of "
-#| "access provider is required on the client side."
 msgid ""
 "As an access provider, the IPA provider uses HBAC (host-based access "
 "control)  rules. Please refer to freeipa.org for more information about "
 "HBAC. No configuration of access provider is required on the client side."
 msgstr ""
-"Sin embargo, ni es necesario ni está recomendado fijar estas opciones. El "
-"proveedor IPA también puede ser usado como proveedor de acceso y cambio de "
-"contraseña. Como proveedor de acceso usa reglas HBAC (control de acceso "
-"basado en el host). Por favor vea freeipa.org para más información sobre "
-"HBAC. No se requiere configuración del proveedor de acceso en el lado "
-"cliente."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:67
@@ -9014,21 +9110,26 @@ msgstr "ipa_hostname (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:113
+#, fuzzy
+#| msgid ""
+#| "Optional. May be set on machines where the hostname(5) does not reflect "
+#| "the fully qualified name used in the IPA domain to identify this host."
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 "Opcional. Puede ser fijado en máquinas donde hostname(5) no refleja el "
 "nombre totalmente cualificado usado en el dominio IPA para identificar este "
 "host."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -9038,7 +9139,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -9048,7 +9149,7 @@ msgstr ""
 "fijado apropiadamente en /etc/krb5.conf"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -9056,12 +9157,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -9069,7 +9170,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -9077,17 +9178,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr "Por defecto: 1200 (segundos)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -9096,7 +9197,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -9104,28 +9205,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
-#, fuzzy
-#| msgid "Default: Use the IP address of the IPA LDAP connection"
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
-msgstr "Predeterminado: Utilizar la dirección IP de la conexión IPA LDAP"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
-#, fuzzy
-#| msgid "ldap_sasl_authid (string)"
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
-msgstr "ldap_sasl_authid (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -9133,24 +9230,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
-msgstr "Predeterminado: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -9162,12 +9257,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -9175,109 +9270,126 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
-#, fuzzy
-#| msgid "ldap_dns_service_name (string)"
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
-msgstr "ldap_dns_service_name (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
-msgstr "ipa_hbac_search_base (cadena)"
+#: sssd-ipa.5.xml:311
+#, fuzzy
+#| msgid "ipa_host_search_base (string)"
+msgid "ipa_deskprofile_search_base (string)"
+msgstr "ipa_host_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+#, fuzzy
+#| msgid ""
+#| "Optional. Use the given string as search base for HBAC related objects."
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 "Opcional. Usa la cadena dada como base de búsqueda para los objetos HBAC "
 "relacionados."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr "Predeterminado: Utilizar DN base"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr "ipa_hbac_search_base (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+"Opcional. Usa la cadena dada como base de búsqueda para los objetos HBAC "
+"relacionados."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr "ipa_host_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr "Opcional. Usa la cadena dada como base de búsqueda para objetos host."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
@@ -9286,72 +9398,72 @@ msgstr ""
 "de múltiples bases de búsqueda."
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr "Predeterminado: el valor de <emphasis>ldap_search_base</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr "ipa_selinux_search_base (cadena)Opcional. "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 "Opcional. Usa la cadena dada como base de búsqueda para los mapas de usuario "
 "SELinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr "ipa_subdomains_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 "Opcional: Usa la cadena dada como base de búsqueda de dominios de confianza."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr "Por defecto: el valor de <emphasis>cn=trusts,%basedn</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr "ipa_master_domain_search_base (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 "Opcional: Usa la cadena dada como base de búsqueda para el objeto maestro de "
 "dominio."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr "Por defecto: el valor de <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
@@ -9360,7 +9472,7 @@ msgstr ""
 "de <quote>ipa_domain</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
@@ -9369,58 +9481,110 @@ msgstr ""
 "convertido hacia la base DN para usarlo para llevar a cabo operaciones LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:465
+#, fuzzy
+#| msgid "ipa_hbac_refresh (integer)"
+msgid "ipa_deskprofile_refresh (integer)"
 msgstr "ipa_hbac_refresh (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:468
+#, fuzzy
+#| msgid ""
+#| "The amount of time between lookups of the HBAC rules against the IPA "
+#| "server. This will reduce the latency and load on the IPA server if there "
+#| "are many access-control requests made in a short period."
 msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
 msgstr ""
 "La cantidad de tiempo entre vbúsquedas de las reglas HBAC contra el servidor "
 "IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si hay "
 "muchas peticiones de control de acceso hechas en un corto período."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
 msgid "Default: 5 (seconds)"
 msgstr "Predeterminado: 5 (segundos)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:481
+#, fuzzy
+#| msgid "ldap_sudo_full_refresh_interval (integer)"
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr "ldap_sudo_full_refresh_interval (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+#, fuzzy
+#| msgid ""
+#| "The amount of time between lookups of the HBAC rules against the IPA "
+#| "server. This will reduce the latency and load on the IPA server if there "
+#| "are many access-control requests made in a short period."
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+"La cantidad de tiempo entre vbúsquedas de las reglas HBAC contra el servidor "
+"IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si hay "
+"muchas peticiones de control de acceso hechas en un corto período."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+#, fuzzy
+#| msgid "Default: 900 (15 minutes)"
+msgid "Default: 60 (minutes)"
+msgstr "Predeterminado: 900 (15 minutos)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
+msgid "ipa_hbac_refresh (integer)"
+msgstr "ipa_hbac_refresh (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:498
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+"La cantidad de tiempo entre vbúsquedas de las reglas HBAC contra el servidor "
+"IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si hay "
+"muchas peticiones de control de acceso hechas en un corto período."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr "ipa_hbac_selinux (entero)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -9431,194 +9595,192 @@ msgstr ""
 "hay muchas peticiones de acceso de usuario hechas en un corto período."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr "ipa_automount_location (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr "La localización del automontador de este cliente IPA que será usada"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr "Por defecto: La localización llamada “default”"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
-#, fuzzy
-#| msgid "ldap_service_object_class (string)"
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
-msgstr "ldap_service_object_class (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -9628,12 +9790,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr "PROVEEDOR DE SUBDOMINIOS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
@@ -9642,7 +9804,7 @@ msgstr ""
 "si está configurado explícitamente o implícitamente."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -9654,7 +9816,7 @@ msgstr ""
 "de IPA si es necesario."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -9666,7 +9828,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9677,7 +9839,7 @@ msgstr ""
 "Este ejemplo muestra sólo las opciones específicas del proveedor ipa."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -9714,11 +9876,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:36
-#, fuzzy
-#| msgid ""
-#| "The AD provider is a back end used to connect to an Active Directory "
-#| "server. This provider requires that the machine be joined to the AD "
-#| "domain and a keytab is available."
 msgid ""
 "The AD provider is a back end used to connect to an Active Directory server. "
 "This provider requires that the machine be joined to the AD domain and a "
@@ -9726,9 +9883,6 @@ msgid ""
 "channel, SSL/TLS options should not be used with the AD provider and will be "
 "superceded by Kerberos usage."
 msgstr ""
-"El proveedor AD es el punto final usado para conectar a un servidor Active "
-"Directory. Este proveedor requiere que la máquina se una al dominio AD y "
-"esté disponible una keytab."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:44
@@ -9751,14 +9905,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:54
-#, fuzzy
-#| msgid ""
-#| "The AD provider accepts the same options used by the <citerefentry> "
-#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> identity provider and the <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> authentication provider with some exceptions described "
-#| "below."
 msgid ""
 "The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
@@ -9769,11 +9915,6 @@ msgid ""
 "exceptions. However, it is neither necessary nor recommended to set these "
 "options."
 msgstr ""
-"El proveedor de AD acepta las mismas opciones usadas por el proveedor de "
-"identidad <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> y el proveedor de autenticación "
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> con algunas excepciones descritas abajo."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:69
@@ -9854,10 +9995,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:127
-#, fuzzy
-#| msgid "ad_domain (string)"
 msgid "ad_enabled_domains (string)"
-msgstr "ad_domain (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:130
@@ -9877,17 +10016,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:136
-#, fuzzy
-#| msgid ""
-#| "For proper operation, this option should be specified as the lower-case "
-#| "version of the long version of the Active Directory domain."
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
 "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"Para una operativa apropiada, esta opción sería especificada en la versión "
-"minúscula de la versión larga del dominio Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:144
@@ -9903,25 +10036,11 @@ msgstr "ad_server, ad_backup_server (cadena)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:157
-#, fuzzy
-#| msgid ""
-#| "The comma-separated list of IP addresses or hostnames of the IPA servers "
-#| "to which SSSD should connect in the order of preference. For more "
-#| "information on failover and server redundancy, see the <quote>FAILOVER</"
-#| "quote> section.  This is optional if autodiscovery is enabled.  For more "
-#| "information on service discovery, refer to the <quote>SERVICE DISCOVERY</"
-#| "quote> section."
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
 "redundancy, see the <quote>FAILOVER</quote> section."
 msgstr ""
-"La lista separada por comas de direcciones IP o nombres de host de los "
-"servidores IPA a los que SSSD se conectaría en orden de preferencia. Para "
-"más información sobre conmutación en error y redundancia de servidores, vea "
-"la sección <quote>FAILOVER</quote>. Esto es opcional si autodiscovery está "
-"habilitado. Para más información sobre el servicio descubridor, vea la "
-"sección <quote>SERVICE DISCOVERY</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:164
@@ -10616,10 +10735,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:819
-#, fuzzy
-#| msgid "Default: 300"
 msgid "Default: 30 days"
-msgstr "Predeterminado: 300"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:825
@@ -10630,18 +10747,16 @@ msgstr ""
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:837
-#, fuzzy
-#| msgid "Default: 86400 (24 hours)"
 msgid "Default: 86400:750 (24h and 15m)"
-msgstr "Predeterminado: 86400 (24 horas)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:846
@@ -10661,12 +10776,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:892
-#, fuzzy
-#| msgid "Default: Use the IP address of the IPA LDAP connection"
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
-msgstr "Predeterminado: Utilizar la dirección IP de la conexión IPA LDAP"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:905
@@ -10759,8 +10872,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr "sssd-sudo"
 
@@ -11167,12 +11280,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr "Ejecutar en primer plano, no convertirse en un demonio."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr "<option>-c</option>,<option>--config</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -11380,10 +11493,8 @@ msgstr "Predeterminado: <filename>/etc/sssd/sssd.conf</filename>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_override.8.xml:10 sss_override.8.xml:15
-#, fuzzy
-#| msgid "sss_userdel"
 msgid "sss_override"
-msgstr "sss_userdel"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_override.8.xml:16
@@ -11392,19 +11503,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_override.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:32
@@ -11473,16 +11576,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:94
-#, fuzzy
-#| msgid ""
-#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-#| "replaceable>"
 msgid ""
 "<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
 "optional>"
 msgstr ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMINIO</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:99
@@ -11578,16 +11675,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:191
-#, fuzzy
-#| msgid ""
-#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-#| "replaceable>"
 msgid ""
 "<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
 "optional>"
 msgstr ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMINIO</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:196
@@ -11655,24 +11746,18 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "SUDO OPTIONS"
 msgid "COMMON OPTIONS"
-msgstr "OPCIONES SUDO"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:263 sssctl.8.xml:52
-#, fuzzy
-#| msgid "This option is not available in IPA provider."
 msgid "Those options are available with all commands."
-msgstr "Esta opción no está disponible en el proveedor IPA."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:268 sssctl.8.xml:57
-#, fuzzy
-#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
 msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
-msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_useradd.8.xml:10 sss_useradd.8.xml:15
@@ -12845,20 +12930,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_cache.8.xml:31
-#, fuzzy
-#| msgid ""
-#| "<command>sss_cache</command> invalidates records in SSSD cache.  "
-#| "Invalidated records are forced to be reloaded from server as soon as "
-#| "related SSSD backend is online."
 msgid ""
 "<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
 "records are forced to be reloaded from server as soon as related SSSD "
 "backend is online. Options that invalidate a single object only accept a "
 "single provided argument."
 msgstr ""
-"<command>sss_cache</command> invalida resgistros en el escondrijo SSSD. Los "
-"registros invalidados son forzados a recargarse desde el servidor tan pronto "
-"como el punto final SSSD relacionado está en línea."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:43
@@ -12867,10 +12944,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:47
-#, fuzzy
-#| msgid "Invalidate specific service."
 msgid "Invalidate all cached entries."
-msgstr "Invalida servicio específico"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:53
@@ -13034,42 +13109,27 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:186
-#, fuzzy
-#| msgid ""
-#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
-#| "replaceable>"
 msgid ""
 "<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
 "replaceable>"
 msgstr ""
-"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:191
-#, fuzzy
-#| msgid "Invalidate specific service."
 msgid "Invalidate particular sudo rule."
-msgstr "Invalida servicio específico"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:197
-#, fuzzy
-#| msgid "<option>-R</option>,<option>--no-remove</option>"
 msgid "<option>-R</option>,<option>--sudo-rules</option>"
-msgstr "<option>-R</option>,<option>--no-remove</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:201
-#, fuzzy
-#| msgid ""
-#| "Invalidate all user records. This option overrides invalidation of "
-#| "specific user if it was also set."
 msgid ""
 "Invalidate all cached sudo rules. This option overrides invalidation of "
 "specific sudo rule if it was also set."
 msgstr ""
-"Invalida todos los registros de usuario. Esta opción anula la invalidación "
-"de usuario específico si también está fijada."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:209
@@ -13092,7 +13152,9 @@ msgstr "sss_debuglevel"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+#, fuzzy
+#| msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr "cambia el nivel de depuración mientras SSSD está corriendo"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -13109,18 +13171,10 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
-"<command>sss_debuglevel</command> cambia el nivel de depuración del monitor "
-"y proveedores SSSD a <replaceable>NEW_DEBUG_LEVEL</replaceable> mientras "
-"SSSD está corriendo."
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
-msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_seed.8.xml:10 sss_seed.8.xml:15
@@ -13546,7 +13600,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr "VEA TAMBIEN"
 
@@ -13601,15 +13655,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_ssh_authorizedkeys.1.xml:41
-#, fuzzy
-#| msgid ""
-#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-#| "manvolnum></citerefentry> can be configured to use "
-#| "<command>sss_ssh_authorizedkeys</command> for public key user "
-#| "authentication if it is compiled with support for either "
-#| "<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
-#| "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-#| "manvolnum></citerefentry> options."
 msgid ""
 "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
 "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
@@ -13618,13 +13663,6 @@ msgid ""
 "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
 "manvolnum></citerefentry> man page for more details about this option."
 msgstr ""
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> puede ser configurado para usar "
-"<command>sss_ssh_authorizedkeys</command> para autenticación de la clave "
-"pública del usuario si está compilado para soporte de  "
-"<quote>AuthorizedKeysCommand</quote> o de <quote>PubkeyAgent</quote> "
-"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> options."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sss_ssh_authorizedkeys.1.xml:59
@@ -13689,15 +13727,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_ssh_knownhostsproxy.1.xml:33
-#, fuzzy
-#| msgid ""
-#| "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys "
-#| "for host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
-#| "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> "
-#| "section of <citerefentry><refentrytitle>sshd</refentrytitle> "
-#| "<manvolnum>8</manvolnum></citerefentry> for more information)  <filename>/"
-#| "var/lib/sss/pubconf/known_hosts</filename> and estabilishes connection to "
-#| "the host."
 msgid ""
 "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
 "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
@@ -13706,13 +13735,6 @@ msgid ""
 "manvolnum></citerefentry> for more information)  <filename>/var/lib/sss/"
 "pubconf/known_hosts</filename> and establishes the connection to the host."
 msgstr ""
-"<command>sss_ssh_knownhostsproxy</command> adquiere las claves públicas SSH "
-"del host para el host <replaceable>HOST</replaceable>, las almacena en un "
-"fichero personal OpenSSH conocido por el host (vea la sección "
-"<quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> de "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> para más información) <filename>/var/lib/sss/pubconf/"
-"known_hosts</filename> y establece la conexión al host."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_ssh_knownhostsproxy.1.xml:43
@@ -13775,14 +13797,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: idmap_sss.8.xml:10 idmap_sss.8.xml:15
-#, fuzzy
-#| msgid "pam_sss"
 msgid "idmap_sss"
-msgstr "pam_sss"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -13794,10 +13814,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "SUDO OPTIONS"
 msgid "IDMAP OPTIONS"
-msgstr "OPCIONES SUDO"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: idmap_sss.8.xml:33
@@ -13811,13 +13829,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-#, fuzzy
-#| msgid "EXAMPLE"
-msgid "EXAMPLES"
-msgstr "EJEMPLO"
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
@@ -13849,19 +13860,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sssctl.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssctl.8.xml:32
@@ -13883,10 +13886,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-files.5.xml:10 sssd-files.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-files"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-files.5.xml:17
@@ -13895,14 +13896,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the AD provider for "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
 msgid ""
 "This manual page describes the files provider for <citerefentry> "
 "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -13910,23 +13903,9 @@ msgid ""
 "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"Esta página de manual describe la configuración del proveedor AD para "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>. Para una referencia detallada de sintaxis, vea la sección "
-"<quote>FILE FORMAT</quote> de la página de manual <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:36
-#, fuzzy
-#| msgid ""
-#| "Specifies the timeout (in seconds) after which the <citerefentry> "
-#| "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </"
-#| "citerefentry>/<citerefentry> <refentrytitle>select</refentrytitle> "
-#| "<manvolnum>2</manvolnum> </citerefentry> following a <citerefentry> "
-#| "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-#| "citerefentry> returns in case of no activity."
 msgid ""
 "The files provider mirrors the content of the <citerefentry> "
 "<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -13937,21 +13916,9 @@ msgid ""
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>."
 msgstr ""
-"Especifica el tiempo de salida (en segudos) después del cual <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> siguiendo un <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> vuelve en caso de no actividad."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
-#, fuzzy
-#| msgid ""
-#| "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page for details on the configuration of an SSSD "
-#| "domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "The files provider has no specific options of its own, however, generic SSSD "
 "domain options can be set where applicable.  Refer to the section "
@@ -13959,25 +13926,13 @@ msgid ""
 "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
 "for details on the configuration of an SSSD domain."
 msgstr ""
-"Vea la sección  <quote>DOMAIN SECTIONS</quote> de la página de manual "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> para detalles sobre la configuración de un "
-"dominio SSSD. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:73
-#, fuzzy
-#| msgid ""
-#| "The following example assumes that SSSD is correctly configured and LDAP "
-#| "is set to one of the domains in the <replaceable>[domains]</replaceable> "
-#| "section."
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
-"El siguiente ejemplo asume que SSSS está configurado correctamente y LDAP "
-"está fijado a uno de los dominios de la sección <replaceable>[domains]</"
-"replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-files.5.xml:79
@@ -13989,10 +13944,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-secrets.5.xml:10 sssd-secrets.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-secrets"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-secrets.5.xml:17
@@ -14001,14 +13954,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the AD provider for "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
 msgid ""
 "This manual page describes the configuration of the Secrets responder for "
 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
@@ -14016,12 +13961,6 @@ msgid ""
 "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"Esta página de manual describe la configuración del proveedor AD para "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>. Para una referencia detallada de sintaxis, vea la sección "
-"<quote>FILE FORMAT</quote> de la página de manual <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:36
@@ -14055,20 +13994,61 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+#, fuzzy
+#| msgid ""
+#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
+#| "permissions on a newly created home directory."
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+"Utilizado por <citerefentry><refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum></citerefentry> para especificar los permisos "
+"predeterminados en un directorio de inicio recién creado."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -14078,7 +14058,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -14093,12 +14073,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
-#, fuzzy
-#| msgid ""
-#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page for more details."
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -14106,24 +14081,28 @@ msgid ""
 "manvolnum> </citerefentry> manual page for a complete list. In addition, "
 "there are some secrets-specific options as well."
 msgstr ""
-"Por favor vea el parámetro <quote>dns_discovery_domain</quote> en la página "
-"de manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> para más detalles."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
-#, fuzzy
-#| msgid "id_provider (string)"
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
-msgstr "id_provider (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -14131,161 +14110,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
-#, fuzzy
-#| msgid "Default: ldap"
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
-msgstr "Predeterminado: ldap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
-#, fuzzy
-#| msgid "ldap_group_nesting_level (integer)"
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
-msgstr "ldap_group_nesting_level (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
-msgstr "Predeterminado: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
-#, fuzzy
-#| msgid "timeout (integer)"
+#: sssd-secrets.5.xml:204
 msgid "max_secrets (integer)"
-msgstr "timeout (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-#, fuzzy
-#| msgid "Default: 10"
-msgid "Default: 1024"
-msgstr "Predeterminado: 10"
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:216
 #, fuzzy
-#| msgid "ldap_page_size (integer)"
+#| msgid "pam_id_timeout (integer)"
+msgid "max_uid_secrets (integer)"
+msgstr "pam_id_timeout (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
-msgstr "ldap_page_size (entero)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-#, fuzzy
-#| msgid "Default: 1"
-msgid "Default: 16"
-msgstr "Predeterminado: 1"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
-#, fuzzy
-#| msgid "proxy_lib_name (string)"
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
-msgstr "proxy_lib_name (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
-#, fuzzy
-#| msgid "ldap[s]://&lt;host&gt;[:port]"
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
-msgstr "ldap[s]://&lt;host&gt;[:port]"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
-#, fuzzy
-#| msgid "auth_provider (string)"
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
-msgstr "auth_provider (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -14293,14 +14303,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
-#, fuzzy
-#| msgid "ldap_user_name (string)"
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
-msgstr "ldap_user_name (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -14308,95 +14316,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
-#, fuzzy
-#| msgid "ldap_autofs_entry_value (string)"
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
-msgstr "ldap_autofs_entry_value (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
-#, fuzzy
-#| msgid "Example:"
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
-msgstr "Ejemplo:"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
-#, fuzzy
-#| msgid "override_homedir (string)"
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
-msgstr "override_homedir (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
-#, fuzzy
-#| msgid "try_inotify (boolean)"
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
-msgstr "try_inotify (boolean)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
-#, fuzzy
-#| msgid "try_inotify (boolean)"
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
-msgstr "try_inotify (boolean)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
-#, fuzzy
-#| msgid "ldap_sasl_authid (string)"
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
-msgstr "ldap_sasl_authid (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
-#, fuzzy
-#| msgid "ldap_tls_cacert (string)"
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
-msgstr "ldap_tls_cacert (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -14404,14 +14398,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
-#, fuzzy
-#| msgid "ldap_tls_cert (string)"
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
-msgstr "ldap_tls_cert (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -14419,26 +14411,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
-msgstr "skel_dir (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
-#, fuzzy
-#| msgid "Specifies the file that contains the client's key."
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
-msgstr "Especifica el archivo que contiene la clave del cliente."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -14453,19 +14441,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -14475,19 +14463,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -14497,7 +14485,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -14507,21 +14495,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
-#, fuzzy
-#| msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
-msgstr "ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -14530,14 +14516,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -14548,7 +14534,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -14559,7 +14545,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -14568,12 +14554,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -14581,7 +14567,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -14591,16 +14577,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
-#, fuzzy
-#| msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
-msgstr "ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -14608,28 +14592,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
-#, fuzzy
-#| msgid "delete a user account"
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
-msgstr "eliminar una cuenta de usuario"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -14639,21 +14621,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
-#, fuzzy
-#| msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
-msgstr "ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -14661,7 +14641,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -14691,7 +14671,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -14701,14 +14681,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -14719,7 +14699,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -14734,11 +14714,92 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+#, fuzzy
+#| msgid "Configuring sudo to cooperate with SSSD"
+msgid "Configuring session recording with SSSD"
+msgstr "Configurando sudo para cooperar con SSSD"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
 #, fuzzy
-#| msgid "sssd-krb5"
+#| msgid ""
+#| "This manual page describes the configuration of the simple access-control "
+#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
+#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
+#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> manual page."
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+"Esta página de manual describe la configuración del proveedor de control de "
+"acceso simple para <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>.  Para una referencia detallada de "
+"sintaxis, vea la sección <quote>FILE FORMAT</quote> de la página de manual "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+#, fuzzy
+#| msgid "These options can be used to configure the PAC responder."
+msgid "These options can be used to configure the session recording."
+msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
 msgid "sssd-kcm"
-msgstr "sssd-krb5"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-kcm.8.xml:17
@@ -14796,20 +14857,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-kcm.8.xml:61
-#, fuzzy
-#| msgid ""
-#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> for more information on configuring Kerberos."
 msgid ""
 "the SSSD implementation stores the ccaches in the SSSD <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </"
 "citerefentry> secrets store, allowing the ccaches to survive KCM server "
 "restarts or machine reboots."
 msgstr ""
-"<quote>krb5</quote> para autenticación Kerberos. Vea <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> para más información sobre la configuración de Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:69
@@ -14835,12 +14888,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:78
-#, fuzzy
-#| msgid ""
-#| "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page for details on the configuration of an SSSD "
-#| "domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "In order to use KCM credential cache, it must be selected as the default "
 "credential type in <citerefentry> <refentrytitle>krb5.conf</"
@@ -14848,10 +14895,6 @@ msgid ""
 "cache name must be only <quote>KCM:</quote> without any template "
 "expansions.  For example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"Vea la sección  <quote>DOMAIN SECTIONS</quote> de la página de manual "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> para detalles sobre la configuración de un "
-"dominio SSSD. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:91
@@ -14870,7 +14913,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -14887,12 +14929,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -14903,15 +14954,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the simple access-control "
-#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
-#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page."
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -14922,20 +14965,9 @@ msgid ""
 "<quote>FILE FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd."
 "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"Esta página de manual describe la configuración del proveedor de control de "
-"acceso simple para <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>.  Para una referencia detallada de "
-"sintaxis, vea la sección <quote>FILE FORMAT</quote> de la página de manual "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
-#, fuzzy
-#| msgid ""
-#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page for more details."
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -14943,45 +14975,428 @@ msgid ""
 "manvolnum> </citerefentry> manual page for a complete list. In addition, "
 "there are some KCM-specific options as well."
 msgstr ""
-"Por favor vea el parámetro <quote>dns_discovery_domain</quote> en la página "
-"de manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> para más detalles."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
-msgstr "skel_dir (cadena)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
-#, fuzzy
-#| msgid ""
-#| "This manual page describes how to configure <citerefentry> "
-#| "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </"
-#| "citerefentry> to work with <citerefentry> <refentrytitle>sssd</"
-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> and how SSSD "
-#| "caches sudo rules."
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
-"Esta página de manual describe como configurar <citerefentry> "
-"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
-"para trabajar con <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> y como SSSD esconde reglas sudo."
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+#, fuzzy
+#| msgid "sssd-simple"
+msgid "sssd-systemtap"
+msgstr "sssd-simple"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+#, fuzzy
+#| msgid ""
+#| "This manual page only describes attribute name mapping.  For detailed "
+#| "explanation of sudo related attribute semantics, see <citerefentry> "
+#| "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
+#| "citerefentry>"
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+"Esta página de manual sólo describe el atributo de nombre mapping. Para una "
+"explicación detallada de la semántica del atributo relacionada con sudo, vea "
+"<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+#, fuzzy
+#| msgid "realm name"
+msgid "probe $name"
+msgstr "nombre de reino"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, fuzzy, no-wrap
+#| msgid ""
+#| "fallback_homedir = /home/%u\n"
+#| "                            "
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+"fallback_homedir = /home/%u\n"
+"                            "
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
 
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
@@ -15070,16 +15485,10 @@ msgstr ""
 
 #. type: Content of: <refentryinfo>
 #: include/upstream.xml:2
-#, fuzzy
-#| msgid ""
-#| "<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-#| "fedorahosted.org/sssd</orgname>"
 msgid ""
 "<productname>SSSD</productname> <orgname>The SSSD upstream - https://pagure."
 "io/SSSD/sssd/</orgname>"
 msgstr ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
 
 #. type: Content of: outside any tag (error?)
 #: include/upstream.xml:1
@@ -15188,6 +15597,83 @@ msgstr ""
 "Si no hay más máquinas para intentarlo, el punto final al completo conmutará "
 "al modo fuera de línea y después intentará reconectar cada 30 segundo."
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_op_timeout"
+msgstr "dns_resolver_timeout (entero)"
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_timeout"
+msgstr "dns_resolver_timeout (entero)"
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+#, fuzzy
+#| msgid ""
+#| "All of the common configuration options that apply to SSSD domains also "
+#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
+#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
+#| "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+"Todas las opciones de configuración comunes que se aplican a los dominios "
+"SSSD también se aplican a los dominios LDAP. Vea la sección <quote>DOMAIN "
+"SECTIONS</quote> de la página de manual <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para detalles "
+"completos. <placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -15355,20 +15841,11 @@ msgstr "ldap_id_mapping = True ldap_schema = ad \n"
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/ldap_id_mapping.xml:111
-#, fuzzy
-#| msgid ""
-#| "The default configuration results in configuring 10,000 slices, each "
-#| "capable of holding up to 200,000 IDs, starting from 10,001 and going up "
-#| "to 2,000,100,000. This should be sufficient for most deployments."
 msgid ""
 "The default configuration results in configuring 10,000 slices, each capable "
 "of holding up to 200,000 IDs, starting from 200,000 and going up to "
 "2,000,200,000. This should be sufficient for most deployments."
 msgstr ""
-"La configuración por defecto resulta en la configuración de 10.000 "
-"rebanadas, cada una capaz de sostener 200.000 IDs empezando por 10.001 y "
-"yendo hasta 2.000.100.000. Esto debería ser suficiente para la mayoría de "
-"los despliegues."
 
 #. type: Content of: <refsect1><refsect2><refsect3><title>
 #: include/ldap_id_mapping.xml:117
@@ -15554,10 +16031,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
 #: include/ldap_id_mapping.xml:249
-#, fuzzy
-#| msgid "ldap_idmap_range_size (integer)"
 msgid "ldap_idmap_helper_table_size (integer)"
-msgstr "ldap_idmap_range_size (entero)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
 #: include/ldap_id_mapping.xml:252
@@ -15805,16 +16280,10 @@ msgstr ""
 
 #. type: Content of: outside any tag (error?)
 #: include/experimental.xml:1
-#, fuzzy
-#| msgid ""
-#| "<emphasis> This is an experimental feature, please use http://"
-#| "fedorahosted.org/sssd to report any issues.  </emphasis>"
 msgid ""
 "<emphasis> This is an experimental feature, please use https://pagure.io/"
 "SSSD/sssd/ to report any issues.  </emphasis>"
 msgstr ""
-"<emphasis> Este es una función experimental, por favor utilice http://"
-"fedorahosted.org/sssd para reportar cualquier cuestión. </emphasis>"
 
 #. type: Content of: <refsect1><title>
 #: include/local.xml:2
@@ -15867,34 +16336,37 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
 
 #. type: Content of: <listitem><para>
@@ -16085,17 +16557,13 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13
-#, fuzzy
-#| msgid "krb5_validate (boolean)"
 msgid "krb5_validate = true"
-msgstr "krb5_validate (boolean)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:18
-#, fuzzy
-#| msgid "krb5_fast_principal (string)"
 msgid "krb5_use_enterprise_principal = true"
-msgstr "krb5_fast_principal (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ad_modified_defaults.xml:24
@@ -16104,45 +16572,33 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:28
-#, fuzzy
-#| msgid "ldap_schema (string)"
 msgid "ldap_schema = ad"
-msgstr "ldap_schema (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38
-#, fuzzy
-#| msgid "ldap_force_upper_case_realm (boolean)"
 msgid "ldap_force_upper_case_realm = true"
-msgstr "ldap_force_upper_case_realm (boolean)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:38
-#, fuzzy
-#| msgid "ldap_id_mapping (boolean)"
 msgid "ldap_id_mapping = true"
-msgstr "ldap_id_mapping (booleano)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:43
-#, fuzzy
-#| msgid "ldap_sasl_mech (string)"
 msgid "ldap_sasl_mech = gssapi"
-msgstr "ldap_sasl_mech (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:48
-#, fuzzy
-#| msgid "ldap_referrals (boolean)"
 msgid "ldap_referrals = false"
-msgstr "ldap_referrals (boolean)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:53
-#, fuzzy
-#| msgid "ldap_account_expire_policy (string)"
 msgid "ldap_account_expire_policy = ad"
-msgstr "ldap_account_expire_policy (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58
@@ -16159,17 +16615,13 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:18
-#, fuzzy
-#| msgid "krb5_use_fast (string)"
 msgid "krb5_use_fast = try"
-msgstr "krb5_use_fast (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:23
-#, fuzzy
-#| msgid "krb5_canonicalize (boolean)"
 msgid "krb5_canonicalize = true"
-msgstr "krb5_canonicalize (boolean)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ipa_modified_defaults.xml:29
@@ -16178,31 +16630,23 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:33
-#, fuzzy
-#| msgid "ldap_schema (string)"
 msgid "ldap_schema = ipa_v1"
-msgstr "ldap_schema (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:43
-#, fuzzy
-#| msgid "ldap_sasl_mech (string)"
 msgid "ldap_sasl_mech = GSSAPI"
-msgstr "ldap_sasl_mech (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:48
-#, fuzzy
-#| msgid "ldap_sasl_minssf (integer)"
 msgid "ldap_sasl_minssf = 56"
-msgstr "ldap_sasl_minssf (entero)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:53
-#, fuzzy
-#| msgid "ldap_account_expire_policy (string)"
 msgid "ldap_account_expire_policy = ipa"
-msgstr "ldap_account_expire_policy (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ipa_modified_defaults.xml:64
@@ -16211,10 +16655,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:68
-#, fuzzy
-#| msgid "ldap_user_member_of (string)"
 msgid "ldap_user_member_of = memberOf"
-msgstr "ldap_user_member_of (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:73
@@ -16223,142 +16665,57 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:78
-#, fuzzy
-#| msgid "ldap_user_ssh_public_key (string)"
 msgid "ldap_user_ssh_public_key = ipaSshPubKey"
-msgstr "ldap_user_ssh_public_key (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:83
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr ""
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
-#, fuzzy
-#| msgid "ldap_group_object_class (string)"
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
-msgstr "ldap_group_object_class (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
-#, fuzzy
-#| msgid "ldap_group_object_class (string)"
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
-msgstr "ldap_group_object_class (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
-#, fuzzy
-#| msgid "ldap_group_member (string)"
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
-msgstr "ldap_group_member (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
-#, fuzzy
-#| msgid "ldap_group_objectsid (string)"
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
-msgstr "ldap_group_objectsid (cadena)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
 
 #~ msgid ""
-#~ "Comma separated list of services that are started when sssd itself starts."
+#~ "<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+#~ "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+#~ "running."
 #~ msgstr ""
-#~ "Una lista separadas por comas de los servicios que son iniciados cuando "
-#~ "se enciende sssd."
+#~ "<command>sss_debuglevel</command> cambia el nivel de depuración del "
+#~ "monitor y proveedores SSSD a <replaceable>NEW_DEBUG_LEVEL</replaceable> "
+#~ "mientras SSSD está corriendo."
 
-#~ msgid "force_timeout (integer)"
-#~ msgstr "force_timeout (entero)"
-
-#~ msgid ""
-#~ "If a service is not responding to ping checks (see the <quote>timeout</"
-#~ "quote> option), it is first sent the SIGTERM signal that instructs it to "
-#~ "quit gracefully.  If the service does not terminate after "
-#~ "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it "
-#~ "down by sending a SIGKILL signal."
-#~ msgstr ""
-#~ "Si un servicio no está respondiendo a las comprobaciones ping (vea la "
-#~ "opción <quote>timeout</quote>), primero enviará la señal SIGTERM que le "
-#~ "instruye a salir amigablemente. Si el servicio no termina después de "
-#~ "<quote>force_timeout</quote> segundos, el monitor le forzara a caer "
-#~ "enviando una señal SIGKILL."
-
-#~ msgid "Default: uid"
-#~ msgstr "Predeterminado: uid"
-
-#~ msgid ""
-#~ "Please note that the default values correspond to the default schema "
-#~ "which is RFC2307."
-#~ msgstr ""
-#~ "Por favor advierta que los valores por defecto corresponden al esquema "
-#~ "por defecto del RFC2307."
-
-#~ msgid "Default: automountMap"
-#~ msgstr "Por defecto: automountMap"
-
-#~ msgid "Default: ou"
-#~ msgstr "Por defecto: ou"
-
-#~ msgid "Default: automountInformation"
-#~ msgstr "Por defecto: automountInformation"
-
-#~ msgid ""
-#~ "Verify with the help of krb5_keytab that the TGT obtained has not been "
-#~ "spoofed."
-#~ msgstr ""
-#~ "Verifica con la ayuda de krb5_keytab que el TGT obtenido no ha sido "
-#~ "burlado."
-
-#~ msgid ""
-#~ "Note that this default differs from the traditional Kerberos provider "
-#~ "back end."
-#~ msgstr ""
-#~ "Advierta que este valor por defecto difiere del proveedor back end "
-#~ "tradicional de Kerberos."
-
-#~ msgid ""
-#~ "Specifies if the host and user principal should be canonicalized when "
-#~ "connecting to IPA LDAP and also for AS requests. This feature is "
-#~ "available with MIT Kerberos >= 1.7"
-#~ msgstr ""
-#~ "Especifica si el host y el usuario principal deberían ser estandarizados "
-#~ "cuando se conecten a IPA LDAP y también para peticiones AS. Esta función "
-#~ "está disponible con MIT Kerberos >= 1.7"
-
-#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-
-#~ msgid ""
-#~ "If <quote>PubkeyAgent</quote> is supported, "
-#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-#~ "manvolnum></citerefentry> can be configured to use it by using the "
-#~ "following directive for <citerefentry> <refentrytitle>sshd</"
-#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
-#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
-#~ msgstr ""
-#~ "Si se soporta <quote>PubkeyAgent</quote>, "
-#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-#~ "manvolnum></citerefentry> puede ser configurado para usarlo utilizando la "
-#~ "siguiente directiva para <citerefentry> <refentrytitle>sshd</"
-#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
-#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
+#~ msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+#~ msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
diff --git a/src/man/po/eu.po b/src/man/po/eu.po
index d4644b480..761291804 100644
--- a/src/man/po/eu.po
+++ b/src/man/po/eu.po
@@ -5,9 +5,9 @@
 # Translators:
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
 "PO-Revision-Date: 2014-12-14 11:55-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/"
@@ -29,7 +29,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr ""
 
@@ -71,7 +72,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr ""
 
@@ -86,8 +88,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr ""
 
@@ -129,7 +131,8 @@ msgstr ""
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
 msgstr ""
 
@@ -137,7 +140,8 @@ msgstr ""
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr ""
 
@@ -288,11 +292,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr ""
 
@@ -309,17 +313,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
@@ -342,8 +348,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr ""
 
@@ -358,7 +364,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr ""
 
@@ -406,19 +412,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr ""
 
@@ -438,7 +444,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr ""
 
@@ -458,12 +464,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -471,39 +477,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -627,11 +633,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr ""
@@ -802,8 +808,24 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr ""
@@ -820,12 +842,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -834,22 +856,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -859,17 +881,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -879,18 +901,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -898,24 +920,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -923,12 +945,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -940,58 +962,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -999,7 +1021,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1009,7 +1031,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1018,17 +1040,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1036,34 +1058,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1072,7 +1094,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1081,41 +1103,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1123,23 +1145,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1147,47 +1169,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1195,105 +1217,105 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1304,96 +1326,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1401,122 +1423,122 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1524,7 +1546,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1533,17 +1555,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1551,26 +1573,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1580,74 +1602,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1655,19 +1677,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1675,12 +1697,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1688,58 +1710,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1750,34 +1772,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+msgid "sudo_threshold (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1785,68 +1822,68 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1857,7 +1894,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1868,24 +1905,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1893,12 +1930,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1907,29 +1944,142 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+msgid "Session recording configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+msgid "These options can be used to configure session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+msgid "scope (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+msgid "Default: \"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+msgid "users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+msgid "Default: Empty. Matches no users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+msgid "groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -1938,14 +2088,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -1954,38 +2104,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1994,46 +2144,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2045,14 +2195,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2061,39 +2211,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2102,19 +2252,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2125,151 +2275,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2277,24 +2427,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2303,17 +2453,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2322,33 +2472,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2356,8 +2506,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2366,8 +2516,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2375,19 +2525,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2396,7 +2546,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2404,22 +2554,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2431,7 +2581,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2439,19 +2589,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2459,7 +2609,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2467,30 +2617,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2498,19 +2648,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2519,7 +2669,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2527,29 +2677,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2557,7 +2707,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2565,35 +2715,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2601,32 +2751,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2637,12 +2787,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2650,7 +2800,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2658,31 +2808,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2690,7 +2840,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2699,23 +2849,54 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+msgid "session_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2723,7 +2904,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2731,7 +2912,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2739,24 +2920,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2764,12 +2945,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2779,7 +2960,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2788,29 +2969,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2818,7 +2999,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2826,137 +3007,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
+msgid ""
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2643
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -2964,7 +3153,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -2972,17 +3161,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -2990,34 +3179,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3025,32 +3214,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3060,34 +3249,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3095,12 +3284,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3108,7 +3297,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3116,29 +3305,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3146,12 +3335,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3160,12 +3349,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3173,19 +3362,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3202,7 +3391,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3210,17 +3399,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3229,18 +3418,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3260,12 +3448,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3273,73 +3461,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3347,17 +3535,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3366,17 +3554,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3384,17 +3572,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3402,86 +3590,85 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3511,14 +3698,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -3559,7 +3765,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr ""
 
@@ -3579,7 +3785,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
 
@@ -3859,7 +4065,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr ""
 
@@ -3937,7 +4143,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -3956,7 +4162,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -3966,14 +4172,14 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr ""
 
@@ -4368,8 +4574,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr ""
 
@@ -4456,130 +4662,163 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
+msgid "ldap_user_authorized_rhost (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:843
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+msgid "Default: rhost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
 msgid "Name of the LDAP attribute containing the X509 certificate of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:868
+msgid "Default: userCertificate;binary"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -4587,34 +4826,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4622,7 +4861,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -4632,7 +4871,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -4642,17 +4881,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -4660,14 +4899,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -4675,7 +4914,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4684,12 +4923,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -4697,168 +4936,168 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -4866,7 +5105,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -4874,12 +5113,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -4887,12 +5126,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4903,12 +5142,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -4917,12 +5156,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -4931,34 +5170,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4966,14 +5205,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -4981,17 +5220,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5001,12 +5240,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -5014,17 +5253,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5032,13 +5271,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -5047,7 +5286,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -5055,26 +5294,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5082,7 +5321,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5090,7 +5329,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -5098,41 +5337,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -5141,32 +5380,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5174,24 +5413,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5199,17 +5438,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -5220,29 +5459,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -5251,17 +5490,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -5269,49 +5508,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -5319,27 +5558,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5351,7 +5590,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5359,7 +5598,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -5367,39 +5606,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5409,7 +5648,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5417,26 +5656,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5444,7 +5683,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5452,31 +5691,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5485,56 +5724,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5550,12 +5789,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -5564,14 +5803,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -5580,24 +5819,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5605,19 +5844,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5626,7 +5865,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5634,7 +5873,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5643,7 +5882,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -5651,22 +5890,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5676,14 +5915,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5696,12 +5935,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5711,7 +5950,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5721,49 +5960,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -5772,74 +6025,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -5850,7 +6103,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -5858,24 +6111,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
-msgid "wildcart_limit (integer)"
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
+msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -5890,12 +6143,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5903,208 +6156,208 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -6112,101 +6365,101 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6215,111 +6468,111 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6328,56 +6581,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -6385,8 +6638,15 @@ msgid ""
 "\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6394,7 +6654,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6407,26 +6667,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6442,13 +6703,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6949,9 +7210,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -7035,7 +7296,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -7412,7 +7673,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -7432,8 +7693,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7527,7 +7788,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7545,8 +7806,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -7565,9 +7826,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7580,7 +7841,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7600,7 +7861,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7716,7 +7977,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -7836,16 +8097,17 @@ msgstr ""
 #: sssd-ipa.5.xml:113
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -7855,14 +8117,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -7870,12 +8132,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -7883,7 +8145,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -7891,17 +8153,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -7910,7 +8172,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -7918,24 +8180,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -7943,22 +8205,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -7970,12 +8232,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -7983,234 +8245,276 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
+#: sssd-ipa.5.xml:311
+msgid "ipa_deskprofile_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
 msgstr ""
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:465
+msgid "ipa_deskprofile_refresh (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:468
 msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
 msgid "Default: 5 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:481
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+msgid "Default: 60 (minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:498
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -8218,192 +8522,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -8413,19 +8717,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -8433,7 +8737,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -8445,7 +8749,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8453,7 +8757,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -9341,10 +9645,10 @@ msgstr ""
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -9448,8 +9752,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr ""
 
@@ -9772,12 +10076,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -11447,7 +11751,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -11461,14 +11765,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
@@ -11865,7 +12164,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr ""
 
@@ -12038,7 +12337,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -12065,11 +12364,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-msgid "EXAMPLES"
-msgstr ""
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
@@ -12235,20 +12529,53 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -12258,7 +12585,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -12273,7 +12600,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -12282,18 +12609,27 @@ msgid ""
 "there are some secrets-specific options as well."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -12301,141 +12637,190 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
+#: sssd-secrets.5.xml:204
 msgid "max_secrets (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-msgid "Default: 1024"
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:216
+msgid "max_uid_secrets (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-msgid "Default: 16"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -12443,12 +12828,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -12456,81 +12841,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -12538,12 +12923,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -12551,22 +12936,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -12581,19 +12966,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12603,19 +12988,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12625,7 +13010,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12635,19 +13020,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -12656,14 +13041,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12674,7 +13059,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12685,7 +13070,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -12694,12 +13079,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -12707,7 +13092,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12717,14 +13102,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -12732,26 +13117,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12761,19 +13146,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -12781,7 +13166,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -12811,7 +13196,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -12821,14 +13206,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -12839,7 +13224,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -12854,6 +13239,71 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+msgid "Configuring session recording with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+msgid "These options can be used to configure the session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
 msgid "sssd-kcm"
 msgstr ""
@@ -12970,7 +13420,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -12987,12 +13436,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -13003,7 +13461,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -13016,7 +13474,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -13026,28 +13484,408 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+msgid "sssd-systemtap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+msgid "probe $name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, no-wrap
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -13197,6 +14035,67 @@ msgid ""
 "offline mode, and then attempts to reconnect every 30 seconds."
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+msgid "dns_resolver_op_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+msgid "dns_resolver_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -13776,34 +14675,37 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
 
 #. type: Content of: <listitem><para>
@@ -14094,42 +14996,37 @@ msgstr ""
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr ""
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
diff --git a/src/man/po/fi.po b/src/man/po/fi.po
index 8d487f49c..74dfb431c 100644
--- a/src/man/po/fi.po
+++ b/src/man/po/fi.po
@@ -1,9 +1,9 @@
 # Toni Rantala <trantalafilo@gmail.com>, 2017. #zanata
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
 "PO-Revision-Date: 2017-03-24 08:46-0400\n"
 "Last-Translator: Toni Rantala <trantalafilo@gmail.com>\n"
 "Language-Team: Finnish\n"
@@ -24,7 +24,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr "SSSD ohjesivut"
 
@@ -66,7 +67,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr "KUVAUS"
 
@@ -81,8 +83,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "VALINNAT"
 
@@ -124,7 +126,8 @@ msgstr "sssd.conf"
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
 msgstr "5"
 
@@ -132,7 +135,8 @@ msgstr "5"
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr ""
 
@@ -258,10 +262,8 @@ msgstr "debug_level (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:112
-#, fuzzy
-#| msgid "debug_level (integer)"
 msgid "debug (integer)"
-msgstr "debug_level (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:115
@@ -285,11 +287,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Oletus:tosi"
 
@@ -306,17 +308,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr "Oletus:epätosi"
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
 
@@ -339,8 +343,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr ""
 
@@ -355,7 +359,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr ""
 
@@ -403,19 +407,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr ""
 
@@ -435,7 +439,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr ""
 
@@ -455,12 +459,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -468,39 +472,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr "käyttäjänimi"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -624,11 +628,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr "Oletus: ei asetettu"
@@ -799,8 +803,24 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr ""
@@ -817,12 +837,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -831,22 +851,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -856,17 +876,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -876,18 +896,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -895,24 +915,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -920,14 +940,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
-#, fuzzy
-#| msgid "client_idle_timeout"
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
-msgstr "client_idle_timeout"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -939,58 +957,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -998,7 +1016,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1008,7 +1026,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1017,17 +1035,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1035,36 +1053,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
-#, fuzzy
-#| msgid "offline_timeout (integer)"
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
-msgstr "offline_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1073,7 +1089,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1082,41 +1098,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1124,23 +1140,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1148,47 +1164,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1196,105 +1212,105 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1305,96 +1321,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1402,124 +1418,122 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
-#, fuzzy
-#| msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
-msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1527,7 +1541,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1536,17 +1550,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1554,26 +1568,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1583,74 +1597,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1658,19 +1672,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1678,12 +1692,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1691,60 +1705,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
-msgstr "enum_cache_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1755,34 +1767,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "sudo_threshold (integer)"
+msgstr "debug_level (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1790,68 +1819,68 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1862,7 +1891,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1873,24 +1902,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1898,12 +1927,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1912,31 +1941,144 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
-#, fuzzy
-#| msgid "offline_timeout (integer)"
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
-msgstr "offline_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+msgid "Session recording configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+msgid "These options can be used to configure session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+msgid "scope (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+#, fuzzy
+#| msgid "Default: not set"
+msgid "Default: \"none\""
+msgstr "Oletus: ei asetettu"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+msgid "users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+msgid "Default: Empty. Matches no users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+msgid "groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -1945,14 +2087,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -1961,40 +2103,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
-#, fuzzy
-#| msgid "Default: not set"
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
-msgstr "Oletus: ei asetettu"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2003,46 +2143,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2054,14 +2194,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2070,39 +2210,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2111,19 +2251,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2134,151 +2274,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2286,24 +2426,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2312,17 +2452,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2331,33 +2471,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2365,8 +2505,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2375,8 +2515,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2384,19 +2524,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2405,7 +2545,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2413,22 +2553,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2440,7 +2580,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2448,19 +2588,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2468,7 +2608,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2476,30 +2616,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2507,19 +2647,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2528,7 +2668,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2536,29 +2676,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2566,7 +2706,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2574,35 +2714,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2610,32 +2750,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2646,12 +2786,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2659,7 +2799,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2667,31 +2807,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2699,7 +2839,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2708,23 +2848,54 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+msgid "session_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2732,7 +2903,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2740,7 +2911,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2748,24 +2919,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2773,12 +2944,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2788,7 +2959,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2797,29 +2968,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2827,7 +2998,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2835,137 +3006,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
+msgid ""
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2643
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -2973,7 +3152,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -2981,17 +3160,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -2999,34 +3178,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr "ignore_group_members"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3036,32 +3215,32 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3071,36 +3250,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
-msgstr "enum_cache_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3108,12 +3285,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3121,7 +3298,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3129,29 +3306,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3159,12 +3336,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3173,12 +3350,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3186,19 +3363,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3215,7 +3392,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3223,17 +3400,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3242,18 +3419,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3273,12 +3449,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3286,73 +3462,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3360,17 +3536,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3379,17 +3555,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3397,17 +3573,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3415,88 +3591,85 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
-#, fuzzy
-#| msgid "ldap_user_principal"
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
-msgstr "ldap_user_principal"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3526,14 +3699,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -3574,7 +3766,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr ""
 
@@ -3594,7 +3786,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
 
@@ -3874,7 +4066,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr ""
 
@@ -3952,7 +4144,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -3971,7 +4163,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -3981,14 +4173,14 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr ""
 
@@ -4383,8 +4575,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr ""
 
@@ -4471,134 +4663,165 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
+msgid "ldap_user_authorized_rhost (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:843
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+#, fuzzy
+#| msgid "Default: not set"
+msgid "Default: rhost"
+msgstr "Oletus: ei asetettu"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
 msgid "Name of the LDAP attribute containing the X509 certificate of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:868
+msgid "Default: userCertificate;binary"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
-#, fuzzy
-#| msgid "ldap_user_principal"
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
-msgstr "ldap_user_principal"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-#, fuzzy
-#| msgid "Default: false"
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
-msgstr "Oletus:epätosi"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -4606,34 +4829,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4641,7 +4864,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -4651,7 +4874,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -4661,17 +4884,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -4679,14 +4902,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -4694,7 +4917,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4703,12 +4926,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -4716,168 +4939,168 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -4885,7 +5108,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -4893,12 +5116,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -4906,12 +5129,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4922,12 +5145,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -4936,12 +5159,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -4950,34 +5173,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4985,14 +5208,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -5000,17 +5223,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5020,12 +5243,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -5033,17 +5256,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5051,13 +5274,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -5066,7 +5289,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -5074,26 +5297,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5101,7 +5324,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5109,7 +5332,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -5117,41 +5340,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -5160,32 +5383,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5193,24 +5416,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5218,17 +5441,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -5239,29 +5462,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -5270,17 +5493,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -5288,49 +5511,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -5338,27 +5561,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5370,7 +5593,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5378,7 +5601,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -5386,39 +5609,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5428,7 +5651,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5436,26 +5659,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5463,7 +5686,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5471,31 +5694,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5504,56 +5727,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5569,12 +5792,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -5583,14 +5806,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -5599,24 +5822,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5624,19 +5847,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5645,7 +5868,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5653,7 +5876,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5662,7 +5885,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -5670,22 +5893,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5695,14 +5918,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5715,12 +5938,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5730,7 +5953,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5740,49 +5963,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -5791,74 +6028,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -5869,7 +6106,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -5877,26 +6114,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
 #, fuzzy
-#| msgid "force_timeout (integer)"
-msgid "wildcart_limit (integer)"
-msgstr "force_timeout (integer)"
+#| msgid "enum_cache_timeout (integer)"
+msgid "wildcard_limit (integer)"
+msgstr "enum_cache_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -5911,12 +6148,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5924,208 +6161,208 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -6133,101 +6370,101 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6236,111 +6473,111 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6349,56 +6586,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -6406,8 +6643,15 @@ msgid ""
 "\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6415,7 +6659,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6428,26 +6672,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6463,13 +6708,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6970,9 +7215,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -7056,7 +7301,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -7409,11 +7654,9 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:66
-#, fuzzy
-#| msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:336
@@ -7435,7 +7678,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -7455,8 +7698,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7550,7 +7793,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7568,8 +7811,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -7588,9 +7831,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7603,7 +7846,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7623,7 +7866,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7739,7 +7982,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -7859,16 +8102,17 @@ msgstr ""
 #: sssd-ipa.5.xml:113
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -7878,14 +8122,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -7893,12 +8137,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -7906,7 +8150,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -7914,17 +8158,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -7933,7 +8177,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -7941,24 +8185,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -7966,24 +8210,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
-#, fuzzy
-#| msgid "Default: true"
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
-msgstr "Oletus:tosi"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -7995,12 +8237,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -8008,234 +8250,278 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
+#: sssd-ipa.5.xml:311
+msgid "ipa_deskprofile_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
 msgstr ""
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:465
+msgid "ipa_deskprofile_refresh (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:468
 msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
 msgid "Default: 5 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:481
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+#, fuzzy
+#| msgid "Default: not set"
+msgid "Default: 60 (minutes)"
+msgstr "Oletus: ei asetettu"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:498
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -8243,192 +8529,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -8438,19 +8724,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -8458,7 +8744,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -8470,7 +8756,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8478,7 +8764,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -8632,16 +8918,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
 #: sssd-ad.5.xml:140
-#, fuzzy, no-wrap
-#| msgid ""
-#| "subdomain_inherit = ldap_purge_cache_timeout\n"
-#| "                            "
+#, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
 "                            "
 msgstr ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-"                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:136
@@ -9359,10 +9640,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:819
-#, fuzzy
-#| msgid "Default: false"
 msgid "Default: 30 days"
-msgstr "Oletus:epätosi"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:825
@@ -9373,10 +9652,10 @@ msgstr ""
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -9480,8 +9759,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr ""
 
@@ -9804,12 +10083,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -10235,10 +10514,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "COMMON OPTIONS"
-msgstr "VALINNAT"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:263 sssctl.8.xml:52
@@ -11481,7 +11758,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -11495,14 +11772,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
@@ -11899,7 +12171,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr ""
 
@@ -12072,7 +12344,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -12084,10 +12356,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "IDMAP OPTIONS"
-msgstr "VALINNAT"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: idmap_sss.8.xml:33
@@ -12101,11 +12371,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-msgid "EXAMPLES"
-msgstr ""
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
@@ -12271,20 +12536,53 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -12294,7 +12592,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -12309,7 +12607,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -12318,18 +12616,27 @@ msgid ""
 "there are some secrets-specific options as well."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -12337,153 +12644,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
-#, fuzzy
-#| msgid "Default: false"
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
-msgstr "Oletus:epätosi"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
-#, fuzzy
-#| msgid "debug_level (integer)"
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
-msgstr "debug_level (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
-#, fuzzy
-#| msgid "Default: true"
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
-msgstr "Oletus:tosi"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
+#: sssd-secrets.5.xml:204
+msgid "max_secrets (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:216
 #, fuzzy
 #| msgid "debug_level (integer)"
-msgid "max_secrets (integer)"
+msgid "max_uid_secrets (integer)"
 msgstr "debug_level (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-#, fuzzy
-#| msgid "Default: true"
-msgid "Default: 1024"
-msgstr "Oletus:tosi"
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-#, fuzzy
-#| msgid "Default: true"
-msgid "Default: 16"
-msgstr "Oletus:tosi"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -12491,12 +12837,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -12504,81 +12850,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -12586,12 +12932,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -12599,22 +12945,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -12629,19 +12975,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12651,19 +12997,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12673,7 +13019,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12683,21 +13029,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
-#, fuzzy
-#| msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
-msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -12706,14 +13050,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12724,7 +13068,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12735,7 +13079,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -12744,12 +13088,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -12757,7 +13101,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12767,16 +13111,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
-#, fuzzy
-#| msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
-msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -12784,26 +13126,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12813,21 +13155,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
-#, fuzzy
-#| msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
-msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -12835,7 +13175,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -12865,7 +13205,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -12875,14 +13215,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -12893,7 +13233,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -12908,6 +13248,71 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+msgid "Configuring session recording with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+msgid "These options can be used to configure the session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
 msgid "sssd-kcm"
 msgstr ""
@@ -13024,7 +13429,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -13041,12 +13445,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -13057,7 +13470,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -13070,7 +13483,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -13080,28 +13493,410 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+msgid "sssd-systemtap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+#, fuzzy
+#| msgid "user name"
+msgid "probe $name"
+msgstr "käyttäjänimi"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, no-wrap
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -13251,6 +14046,69 @@ msgid ""
 "offline mode, and then attempts to reconnect every 30 seconds."
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+msgid "dns_resolver_op_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+#, fuzzy
+#| msgid "client_idle_timeout"
+msgid "dns_resolver_timeout"
+msgstr "client_idle_timeout"
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -13830,34 +14688,37 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
 
 #. type: Content of: <listitem><para>
@@ -14077,10 +14938,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58
-#, fuzzy
-#| msgid "ldap_use_tokengroups"
 msgid "ldap_use_tokengroups = true"
-msgstr "ldap_use_tokengroups"
+msgstr ""
 
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
@@ -14150,42 +15009,37 @@ msgstr ""
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr ""
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
diff --git a/src/man/po/fr.po b/src/man/po/fr.po
index ab18dd13e..f7309b1d1 100644
--- a/src/man/po/fr.po
+++ b/src/man/po/fr.po
@@ -14,9 +14,9 @@
 # Jérôme Fenal <jfenal@gmail.com>, 2016. #zanata
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
 "PO-Revision-Date: 2016-03-19 03:04-0400\n"
 "Last-Translator: Jean-Baptiste Holcroft <jean-baptiste@holcroft.fr>\n"
 "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/"
@@ -38,7 +38,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr "Pages de manuel de SSSD"
 
@@ -83,7 +84,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr "DESCRIPTION"
 
@@ -100,8 +102,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "OPTIONS"
 
@@ -152,7 +154,8 @@ msgstr "sssd.conf"
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
 msgstr "5"
 
@@ -160,7 +163,8 @@ msgstr "5"
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr "Formats de fichier et conventions"
 
@@ -308,10 +312,8 @@ msgstr "debug_level (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:112
-#, fuzzy
-#| msgid "debug_level (integer)"
 msgid "debug (integer)"
-msgstr "debug_level (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:115
@@ -337,11 +339,11 @@ msgstr ""
 "la journalisation de débogage de SSSD, cette option sera ignorée."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Par défaut : true"
 
@@ -361,17 +363,19 @@ msgstr ""
 "sera ignorée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr "Par défaut : false"
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
 
@@ -387,21 +391,15 @@ msgstr "timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:162
-#, fuzzy
-#| msgid ""
-#| "Timeout in seconds between heartbeats for this service. This is used to "
-#| "ensure that the process is alive and capable of answering requests."
 msgid ""
 "Timeout in seconds between heartbeats for this service. This is used to "
 "ensure that the process is alive and capable of answering requests. Note "
 "that after three missed heartbeats the process will terminate itself."
 msgstr ""
-"Délai d'attente entre deux requêtes pour ce domaine. Ceci est utilisé pour "
-"s'assurer que le processus est toujours actif et capable de répondre."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "Par défaut : 10"
 
@@ -416,7 +414,7 @@ msgid "The [sssd] section"
 msgstr "La section [sssd]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr "Paramètres de sections"
 
@@ -470,12 +468,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr "reconnection_retries (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
@@ -485,7 +483,7 @@ msgstr ""
 "d'abandonner"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr "Par défaut : 3"
 
@@ -496,13 +494,6 @@ msgstr "domaines"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:247
-#, fuzzy
-#| msgid ""
-#| "A domain is a database containing user information. SSSD can use more "
-#| "domains at the same time, but at least one must be configured or SSSD "
-#| "won't start.  This parameter described the list of domains in the order "
-#| "you want them to be queried.  A domain name should only consist of "
-#| "alphanumeric ASCII characters, dashes, dots and underscores."
 msgid ""
 "A domain is a database containing user information. SSSD can use more "
 "domains at the same time, but at least one must be configured or SSSD won't "
@@ -510,15 +501,9 @@ msgid ""
 "them to be queried.  A domain name should only consist of alphanumeric ASCII "
 "characters, dashes, dots and underscores."
 msgstr ""
-"Un domaine est une base de données contenant les informations utilisateurs. "
-"SSSD peut utiliser plusieurs domaines en même temps, au moins un doit être "
-"configuré ou SSSD ne démarrera pas. Ce paramètre décrit la liste des "
-"domaines dans l'ordre où ils doivent être requêtés. Un nom de domaine ne "
-"doit comprendre que des caractères ASCII alphanumériques, des tirets, des "
-"points et caractères soulignés."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr "re_expression (chaîne)"
 
@@ -533,28 +518,19 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:267
-#, fuzzy
-#| msgid ""
-#| "Each domain can have an individual regular expression configured. For "
-#| "some ID providers there are also default regular expressions.  See DOMAIN "
-#| "SECTIONS for more info on these regular expressions."
 msgid ""
 "Each domain can have an individual regular expression configured. For some "
 "ID providers there are also default regular expressions. See DOMAIN SECTIONS "
 "for more info on these regular expressions."
 msgstr ""
-"Chaque domaine peut avoir une expression régulière individuelle configurée. "
-"Pour certains fournisseurs ID, il y a aussi des expressions régulières par "
-"défaut. Voir les SECTIONS DOMAINE pour plus d'informations sur ces "
-"expressions régulières."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr "full_name_format (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -566,33 +542,33 @@ msgstr ""
 "domaine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr "nom d'utilisateur"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 "nom de domaine tel qu'indiqué dans le fichier de configuration de SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
@@ -602,7 +578,7 @@ msgstr ""
 "d'approbation IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -760,11 +736,11 @@ msgstr ""
 "use_fully_qualified_names à False."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr "Par défaut : non défini"
@@ -806,10 +782,8 @@ msgstr "Par défaut : non défini (les espaces ne seront pas remplacées)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:448
-#, fuzzy
-#| msgid "ldap_user_certificate (string)"
 msgid "certificate_verification (string)"
-msgstr "ldap_user_certificate (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:456
@@ -870,12 +844,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:497
-#, fuzzy
-#| msgid "These options can be used to configure the PAC responder."
 msgid "This option must be used together with ocsp_default_responder."
 msgstr ""
-"Les options suivantes peuvent être utilisées pour configurer le répondeur "
-"PAC."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:451
@@ -892,19 +862,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:507
-#, fuzzy
-#| msgid "Default: not set, i.e. service discovery is disabled"
 msgid "Default: not set, i.e. do not restrict certificate verification"
 msgstr ""
-"Par défaut : non défini, c'est-à-dire que le service de découverte est "
-"désactivé."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:513
-#, fuzzy
-#| msgid "ldap_disable_paging (boolean)"
 msgid "disable_netlink (boolean)"
-msgstr "ldap_disable_paging (boolean)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:516
@@ -922,17 +886,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:526
-#, fuzzy
-#| msgid "Default: False (disabled)"
 msgid "Default: false (netlink changes are detected)"
-msgstr "Par défaut : False (désactivé)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:531
-#, fuzzy
-#| msgid "ad_enable_dns_sites (boolean)"
 msgid "enable_files_domain (boolean)"
-msgstr "ad_enable_dns_sites (booléen)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:534
@@ -957,8 +917,24 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr "Par défaut : non défini"
@@ -981,12 +957,12 @@ msgstr ""
 "l'identité des domaines. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr "SECTIONS DE SERVICES"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -999,22 +975,22 @@ msgstr ""
 "section doit être <quote>[nss]</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr "Options générales de configuration de service"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr "Ces options peuvent être utilisées pour configurer les services."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -1029,22 +1005,17 @@ msgstr ""
 "valeur inférieure  ou la limite « hard » de limits.conf."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr "Par défault : 8192 (ou la limite « hard » de limits.conf)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
-#, fuzzy
-#| msgid ""
-#| "This option specifies the number of seconds that a client of an SSSD "
-#| "process can hold onto a file descriptor without communicating on it. This "
-#| "value is limited in order to avoid resource exhaustion on the system."
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1052,24 +1023,20 @@ msgid ""
 "can't be shorter than 10 seconds. If a lower value is configured, it will be "
 "adjusted to 10 seconds."
 msgstr ""
-"Cette option spécifie la durée en secondes pendant laquelle un client d'un "
-"processus SSSD peut maintenir un descripteur de fichier ouvert sans "
-"communiquer avec. Cette valeur est limitée afin d'éviter l'épuisement des "
-"ressources sur le système."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr "Par défaut : 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -1077,24 +1044,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr "offline_timeout + random_offset"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr "new_interval = old_interval*2 + random_offset"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -1102,14 +1069,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
-#, fuzzy
-#| msgid "client_idle_timeout"
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
-msgstr "client_idle_timeout"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1121,30 +1086,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr "Par défaut : 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr "Options de configuration NSS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1152,12 +1117,12 @@ msgstr ""
 "Switch (NSS)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1166,17 +1131,17 @@ msgstr ""
 "énumérations (requêtes sur les informations de tous les utilisateurs)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr "Par défaut : 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1187,7 +1152,7 @@ msgstr ""
 "valeur de entry_cache_timeout pour le domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1203,7 +1168,7 @@ msgstr ""
 "cache."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1216,17 +1181,17 @@ msgstr ""
 "de non réponse à moins de 10 secondes (0 pour désactiver l'option)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr "Par défaut : 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1238,65 +1203,43 @@ msgstr ""
 "appel au moteur."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr "Par défaut : 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
-#, fuzzy
-#| msgid "autofs_negative_timeout (integer)"
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
-msgstr "autofs_negative_timeout (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
-#, fuzzy
-#| msgid ""
-#| "Specifies for how many seconds nss_sss should cache negative cache hits "
-#| "(that is, queries for invalid database entries, like nonexistent ones)  "
-#| "before asking the back end again."
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
-"Spécifie le temps, en secondes, pendant lequel nss_sss doit mettre en cache "
-"les résultats négatifs du cache (c'est-à-dire les requêtes pour les bases de "
-"données invalides, comme celles qui n'existent pas) avant de faire à nouveau "
-"appel au moteur."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Par défaut : 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
-#, fuzzy
-#| msgid ""
-#| "Exclude certain users from being fetched from the sss NSS database. This "
-#| "is particularly useful for system accounts. This option can also be set "
-#| "per-domain or include fully-qualified names to filter only users from the "
-#| "particular domain."
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
 "also be set per-domain or include fully-qualified names to filter only users "
 "from the particular domain."
 msgstr ""
-"Exclue certains utilisateurs de la recherche à partir de la base de données "
-"sss NSS. Ceci est particulièrement utile pour les comptes système. Cette "
-"option peut aussi être définie pour chaque domaine ou inclure des noms de "
-"domaines pleinement qualifiés pour filtrer seulement les utilisateurs d'un "
-"certain domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1305,17 +1248,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr "Par défaut : root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1323,12 +1266,12 @@ msgstr ""
 "membres de groupes."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1337,7 +1280,7 @@ msgstr ""
 "explicitement spécifié par le fournisseur de données du domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1345,7 +1288,7 @@ msgstr ""
 "override_homedir."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1355,25 +1298,25 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "exemple : <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 "Par défaut : non défini (aucune substitution pour les répertoires d'accueil "
 "non définis)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr "override_shell (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1385,17 +1328,17 @@ msgstr ""
 "section [nss], soit par domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr "Par défaut : indéfini (SSSD utilisera la valeur récupérée de LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1403,14 +1346,14 @@ msgstr ""
 "indiquées. L'ordre d'évaluation est :"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 "1. Si l'interpréteur de commandes est présent dans <quote>/etc/shells</"
 "quote>, il est utilisé."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1420,7 +1363,7 @@ msgstr ""
 "shell_fallback » sera utilisée."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1429,12 +1372,12 @@ msgstr ""
 "ni dans <quote>/etc/shells</quote>, une connexion sans shell est utilisée."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1442,14 +1385,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 "Une chaîne vide pour l'interpréteur de commandes est passée telle quelle est "
 "à la libc."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1459,31 +1402,31 @@ msgstr ""
 "est installé."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 "Par défaut : non défini. L'interpréteur de commandes de l'utilisateur est "
 "utilisé automatiquement."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 "Remplace toutes les occurences de ces interpréteurs de commandes par "
 "l'interpréteur de commandes par défaut"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1491,17 +1434,17 @@ msgstr ""
 "commandes autorisé n'est pas installé sur la machine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr "Par défaut : /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
@@ -1511,7 +1454,7 @@ msgstr ""
 "choix soit dans la section [nss], soit par domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
@@ -1521,12 +1464,12 @@ msgstr ""
 "nécessaire, habituellement /bin/sh)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (int)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
@@ -1535,37 +1478,31 @@ msgstr ""
 "jugée valide."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr "memcache_timeout (int)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
-#, fuzzy
-#| msgid ""
-#| "Specifies time in seconds for which records in the in-memory cache will "
-#| "be valid"
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
-"Spécifie la durée en secondes, pour laquelle les enregistrements du cache en "
-"mémoire seront valides"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr "user_attributes (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1576,50 +1513,48 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr "Par défaut : non défini, repli sur l'option InfoPipe"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
-msgstr "skel_dir (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr "Cette option peut aussi être définie pour chaque domaine."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr "Options de configuration de PAM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -1628,12 +1563,12 @@ msgstr ""
 "Module (PAM)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -1643,17 +1578,17 @@ msgstr ""
 "connexion réussie)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr "Par défaut : 0 (pas de limite)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -1662,12 +1597,12 @@ msgstr ""
 "échouées sont autorisées."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -1677,7 +1612,7 @@ msgstr ""
 "soit possible."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1688,17 +1623,17 @@ msgstr ""
 "connexion réussie en ligne peut réactiver l'authentification."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr "Par défaut : 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -1708,115 +1643,107 @@ msgstr ""
 "affichés sera important."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr "Actuellement sssd supporte les valeurs suivantes :"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis> : ne pas afficher de message"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis> : afficher seulement les messages importants"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis> : afficher les messages d'information"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis> : afficher tous les messages et informations de "
 "débogage"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Par défaut : 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
-#, fuzzy
-#| msgid "pam_verbosity (integer)"
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
-msgstr "pam_verbosity (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
-"Les expansions suivantes sont prises en charge : <placeholder type="
-"\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1828,7 +1755,7 @@ msgstr ""
 "les dernières informations."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1842,17 +1769,17 @@ msgstr ""
 "fournisseur d'identité."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr "Afficher une alerte N jours avant l'expiration du mot de passe."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1863,7 +1790,7 @@ msgstr ""
 "ne peut afficher de message d'alerte."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
@@ -1873,7 +1800,7 @@ msgstr ""
 "sera automatiquement affiché."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
@@ -1882,17 +1809,12 @@ msgstr ""
 "<emphasis>pwd_expiration_warning</emphasis> pour un domaine particulier."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr "pam_trusted_users (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
-#, fuzzy
-#| msgid ""
-#| "Specifies the comma-separated list of UID values or user names that are "
-#| "allowed to access the PAC responder. User names are resolved to UIDs at "
-#| "startup."
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1900,45 +1822,39 @@ msgid ""
 "<quote>pam_public_domains</quote>.  User names are resolved to UIDs at "
 "startup."
 msgstr ""
-"Spécifie la liste séparée par des virgules des UID ou noms d'utilisateurs "
-"qui sont autorisés à accéder au répondeur PAC. Les noms d'utilisateurs "
-"seront résolus en UID au démarrage."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
-#, fuzzy
-#| msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
-"Par défaut : all (tous les utilisateurs peuvent accéder au répondeur PAM)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr "pam_public_domains (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 "Deux valeurs spéciales pour l'option pam_public_domains sont définies :"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
@@ -1946,7 +1862,7 @@ msgstr ""
 "à tous les domaines PAM dans le répondeur.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
@@ -1955,79 +1871,65 @@ msgstr ""
 "autorisés à accéder à un des domaines PAM dans le répondeur.)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr "Par défaut : aucun"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr "pam_account_expired_message (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
-#, fuzzy, no-wrap
-#| msgid ""
-#| "pam_account_expired_message = Account expired, please call help desk.\n"
-#| "                            "
+#: sssd.conf.5.xml:1291
+#, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
 "                            "
 msgstr ""
-"pam_account_expired_message = Account a expiré, merci de contacter votre assistance.\n"
-"                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
-#, fuzzy
-#| msgid "pam_account_expired_message (string)"
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
-msgstr "pam_account_expired_message (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
-#, fuzzy, no-wrap
-#| msgid ""
-#| "pam_account_expired_message = Account expired, please call help desk.\n"
-#| "                            "
+#: sssd.conf.5.xml:1310
+#, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
 "                            "
 msgstr ""
-"pam_account_expired_message = Account a expiré, merci de contacter votre assistance.\n"
-"                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
-#, fuzzy
-#| msgid "enumerate (bool)"
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
-msgstr "enumerate (booléen)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -2035,64 +1937,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr "Par défaut : False"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
-#, fuzzy
-#| msgid "krb5_confd_path (string)"
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
-msgstr "krb5_confd_path (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
-msgstr "pam_id_timeout (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
-#, fuzzy
-#| msgid "ad_gpo_map_service (string)"
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
-msgstr "ad_gpo_map_service (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr "Options de configuration de SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2109,12 +2005,12 @@ msgstr ""
 "sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -2122,23 +2018,40 @@ msgstr ""
 "Évaluation ou non des attributs sudoNotBefore et sudoNotAfter qui utilisent  "
 "les entrées sudoers sensibles au temps."
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+#, fuzzy
+#| msgid "ldap_deref_threshold (integer)"
+msgid "sudo_threshold (integer)"
+msgstr "ldap_deref_threshold (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr "Options de configuration AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr "Ces options peuvent être utilisées pour configurer le service autofs."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2150,23 +2063,23 @@ msgstr ""
 "moteur."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr "Options de configuration SSH"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 "Les options suivantes peuvent être utilisées pour configurer le service SSH."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
@@ -2174,12 +2087,12 @@ msgstr ""
 "Condenser ou non les noms de systèmes et adresses du fichier known_hosts"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
@@ -2188,47 +2101,34 @@ msgstr ""
 "known_hosts géré après que ses clés de système ont été demandés."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr "Par défaut : 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
-#, fuzzy
-#| msgid "mail_dir (string)"
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
-msgstr "mail_dir (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
-#, fuzzy
-#| msgid "Default: /etc/krb5.keytab"
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
-msgstr "Par défaut : /etc/krb5.keytab"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr "Options de configuration du répondeur PAC"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
-#, fuzzy
-#| msgid ""
-#| "The PAC responder works together with the authorization data plugin for "
-#| "MIT Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin "
-#| "sends the PAC data during a GSSAPI authentication to the PAC responder. "
-#| "The sub-domain provider collects domain SID and ID ranges of the domain "
-#| "the client is joined to and of remote trusted domains from the local "
-#| "domain controller.  If the PAC is decoded and evaluated some of the "
-#| "following operations are done:"
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2237,24 +2137,9 @@ msgid ""
 "joined to and of remote trusted domains from the local domain controller. If "
 "the PAC is decoded and evaluated some of the following operations are done:"
 msgstr ""
-"Le répondeur PAC fonctionne avec le greffon de données d'autorisation pour "
-"sssd_pac_plugin.so MIT Kerberos et un fournisseur de sous-domaine. Le "
-"greffon envoie les données PAC au cours d'une authentification GSSAPI au "
-"répondeur PAC. Le fournisseur de sous-domaine recueille le SID du domaine et "
-"les plages d'ID du domaine auquel le client est lié au et des domaines "
-"approuvés distants du contrôleur de domaine local.  Si les données PAC sont "
-"décodées et évaluées, les opérations suivantes sont effectuées :"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
-#, fuzzy
-#| msgid ""
-#| "If the remote user does not exist in the cache, it is created. The uid is "
-#| "determined with the help of the SID, trusted domains will have UPGs and "
-#| "the gid will have the same value as the uid. The home directory is set "
-#| "based on the subdomain_homedir parameter. The shell will be empty by "
-#| "default, i.e. the system defaults are used, but can be overwritten with "
-#| "the default_shell parameter."
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2263,16 +2148,9 @@ msgid ""
 "the system defaults are used, but can be overwritten with the default_shell "
 "parameter."
 msgstr ""
-"Si l'utilisateur distant n'existe pas dans le cache, il est créé. L'uid est "
-"calculé en fonction du SID, les domaines de confiance auront des groupes "
-"d'utilisateurs privés, et le gid aura la même valeur que l'uid. Le "
-"répertoire utilisateur est défini en fonction du paramètre "
-"subdomain_homedir. Le shell sera vide par défaut, permettant l'utilisation "
-"de la valeur par défaut du système, mais peut être remplacé par le paramètre "
-"default_shell."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
@@ -2281,19 +2159,19 @@ msgstr ""
 "ajouté à ces groupes."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 "Les options suivantes peuvent être utilisées pour configurer le répondeur "
 "PAC."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2304,14 +2182,14 @@ msgstr ""
 "seront résolus en UID au démarrage."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 "Par défaut : 0 (seul l'utilisateur root est autorisé à accéder au répondeur "
 "PAC)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2324,33 +2202,186 @@ msgstr ""
 "0 à la liste des UID d'utilisateurs autorisés."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
-msgstr "pam_id_timeout (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+#, fuzzy
+#| msgid "PAC responder configuration options"
+msgid "Session recording configuration options"
+msgstr "Options de configuration du répondeur PAC"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of the AD provider for "
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
+#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page."
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+"Cette page de manuel décrit la configuration du fournisseur AD pour "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. Pour une référence détaillée sur la syntaxe, cf. la section "
+"<quote>FORMAT DE FICHIER</quote> de la page de manuel <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure session recording."
+msgstr "Ces options peuvent être utilisées pour configurer les services."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+#, fuzzy
+#| msgid "user (string)"
+msgid "scope (string)"
+msgstr "user (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+#, fuzzy
+#| msgid "none"
+msgid "\"none\""
+msgstr "none"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+#, fuzzy
+#| msgid ""
+#| "Append this user to groups specified by the <replaceable>GROUPS</"
+#| "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter "
+#| "is a comma separated list of group names."
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+"Ajouter cet utilisateur aux groupes spécifiés par le paramètre "
+"<replaceable>GROUPS</replaceable>.  Le paramètre <replaceable>GROUPS</"
+"replaceable> est une liste séparée par des virgules de noms de groupes."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+#, fuzzy
+#| msgid ""
+#| "The following expansions are supported: <placeholder type=\"variablelist"
+#| "\" id=\"0\"/>"
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+"Les expansions suivantes sont prises en charge : <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+#, fuzzy
+#| msgid "Default: none"
+msgid "Default: \"none\""
+msgstr "Par défaut : aucun"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+#, fuzzy
+#| msgid "user (string)"
+msgid "users (string)"
+msgstr "user (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+#, fuzzy
+#| msgid "Default: empty, i.e. ldap_uri is used."
+msgid "Default: Empty. Matches no users."
+msgstr "Par défaut : vide, ldap_uri est donc utilisé."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+#, fuzzy
+#| msgid "user (string)"
+msgid "groups (string)"
+msgstr "user (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr "SECTIONS DOMAINES"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
-#, fuzzy
-#| msgid "ad_domain (string)"
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
-msgstr "ad_domain (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2359,57 +2390,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
-#, fuzzy
-#| msgid ""
-#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page for more details."
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
 "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>) and the PAM responder."
 msgstr ""
-"Se reporter au paramètre <quote>dns_discovery_domain</quote> dans la page de "
-"manuel <citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> pour plus de détails."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
-#, fuzzy
-#| msgid "Default: posixGroup"
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
-msgstr "Par défaut : posixGroup"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -2418,7 +2439,7 @@ msgstr ""
 "dehors de ces limites, elle est ignorée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2431,7 +2452,7 @@ msgstr ""
 "qui sont dans la plage seront rapportés comme prévu."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
@@ -2440,17 +2461,17 @@ msgstr ""
 "pas seulement leur recherche par nom ou identifiant."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Default: 1 for min_id, 0 (no limit) for max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr "enumerate (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
@@ -2459,22 +2480,22 @@ msgstr ""
 "valeurs suivantes :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = utilisateurs et groupes sont énumérés"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = aucune énumération pour ce domaine"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr "Par défaut : FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2495,7 +2516,7 @@ msgstr ""
 "être recalculées."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -2505,7 +2526,7 @@ msgstr ""
 "l'énumération ne se termine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2519,7 +2540,7 @@ msgstr ""
 "fournisseur d'identité spécifique utilisé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
@@ -2528,32 +2549,32 @@ msgstr ""
 "déconseillée, surtout dans les environnements de grande taille."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr "subdomain_enumerate (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr "all"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr "Tous les domaines approuvés découverts seront énumérés"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr "none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr "Aucun domaine approuvé découvert ne sera énuméré"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2567,12 +2588,12 @@ msgstr ""
 "activer l'énumération pour ces seuls domaines."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -2581,7 +2602,7 @@ msgstr ""
 "comme valides avant de les redemander au moteur"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2599,17 +2620,17 @@ msgstr ""
 "rafraîchissement des entrées qui sont déjà en cache."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr "Par défaut : 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -2618,19 +2639,19 @@ msgstr ""
 "d'utilisateurs comme valides avant de les redemander au moteur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr "Par défaut : entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -2639,12 +2660,12 @@ msgstr ""
 "groupes comme valides avant de les redemander au moteur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -2653,12 +2674,12 @@ msgstr ""
 "netgroup comme valides avant de les redemander au moteur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -2667,12 +2688,12 @@ msgstr ""
 "service valides avant de les redemander au moteur"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
@@ -2681,12 +2702,12 @@ msgstr ""
 "valides avant de les redemander au moteur"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
@@ -2695,12 +2716,12 @@ msgstr ""
 "cartes d'automontage comme valides avant de les redemander au moteur"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr "entry_cache_ssh_host_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
@@ -2709,12 +2730,12 @@ msgstr ""
 "rafraichissement. I.e. combien de temps mettre la clé en cache."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
@@ -2724,48 +2745,48 @@ msgstr ""
 "enregistrements expirés ou sur le point de l'être."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 "Il est envisageable de configurer cette valeur à 3/4 * entry_cache_timeout."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr "Par défaut : 0 (désactivé)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 "Détermine si les données d'identification de l'utilisateur sont aussi mis en "
 "cache dans le cache LDB local"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 "Les informations d'identification utilisateur sont stockées dans une table "
 "de hachage SHA512, et non en texte brut"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2773,24 +2794,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr "Par défaut : 8"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2803,17 +2824,17 @@ msgstr ""
 "paramètre doit être supérieur ou égal à offline_credentials_expiration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr "Par défaut : 0 (illimité)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2826,17 +2847,17 @@ msgstr ""
 "fournisseur oauth doit être configuré pour le moteur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "Par défaut : 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr "id_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -2844,18 +2865,18 @@ msgstr ""
 "d'identification pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr "<quote>proxy</quote> : prise en charge de l'ancien fournisseur NSS"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr ""
 "<quote>local</quote> : Fournisseur interne SSSD pour les utilisateurs locaux"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2867,8 +2888,8 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2881,8 +2902,8 @@ msgstr ""
 "configuration de FreeIPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2894,12 +2915,12 @@ msgstr ""
 "d'Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -2909,7 +2930,7 @@ msgstr ""
 "communiqué à NSS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2923,7 +2944,7 @@ msgstr ""
 "trouve."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2935,22 +2956,22 @@ msgstr ""
 "qualifié sera demandé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr "Par défaut : false (true si default_domain_suffix est utilisée)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr "Ne pas envoyer les membres des groupes sur les recherches de groupes."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2962,7 +2983,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2970,12 +2991,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr "auth_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -2984,7 +3005,7 @@ msgstr ""
 "pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2996,7 +3017,7 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3007,7 +3028,7 @@ msgstr ""
 "citerefentry> pour plus d'informations sur la configuration de Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
@@ -3015,12 +3036,12 @@ msgstr ""
 "PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> désactive l'authentification explicitement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -3029,12 +3050,12 @@ msgstr ""
 "gérer les requêtes d'authentification."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr "access_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3045,7 +3066,7 @@ msgstr ""
 "installés). Les fournisseurs internes spécifiques sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -3054,12 +3075,12 @@ msgstr ""
 "d'accès autorisé pour un domaine local."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> toujours refuser les accès."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3072,44 +3093,30 @@ msgstr ""
 "d'informations sur la configuration du module d'accès simple."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
-#, fuzzy
-#| msgid ""
-#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> for more information on configuring Kerberos."
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
 "citerefentry> for more information on configuring Kerberos."
 msgstr ""
-"<quote>krb5</quote> pour une authentification Kerberos. Cf. <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> pour plus d'informations sur la configuration de Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
-#, fuzzy
-#| msgid ""
-#| "<quote>proxy</quote> for relaying password changes to some other PAM "
-#| "target."
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
-"<quote>proxy</quote> pour relayer le changement de mot de passe vers une "
-"autre cible PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr "Par défaut : <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -3118,24 +3125,15 @@ msgstr ""
 "domaine. Les fournisseurs pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
-#, fuzzy
-#| msgid ""
-#| "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring LDAP."
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> for more information on configuring LDAP."
 msgstr ""
-"<quote>ldap</quote> pour modifier un mot de passe stocké sur un serveur "
-"LDAP. Cf. <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> pour plus d'informations sur la "
-"configuration LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3147,7 +3145,7 @@ msgstr ""
 "Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
@@ -3155,14 +3153,14 @@ msgstr ""
 "autre cible PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 "<quote>none</quote> pour désactiver explicitement le changement de mot de "
 "passe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -3171,19 +3169,19 @@ msgstr ""
 "peut gérer les changements de mot de passe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "Le fournisseur SUDO, utilisé pour le domaine.  Les fournisseurs SUDO pris en "
 "charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3195,7 +3193,7 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
@@ -3204,7 +3202,7 @@ msgstr ""
 "par défaut pour IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
@@ -3213,20 +3211,20 @@ msgstr ""
 "par défaut pour AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "<quote>none</quote> désactive explicitement SUDO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 "Par défaut : La valeur de <quote>id_provider</quote> est utilisée si elle "
 "est définie."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3237,12 +3235,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3253,7 +3251,7 @@ msgstr ""
 "fournisseur d'accès.  Les fournisseurs selinux pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3265,14 +3263,14 @@ msgstr ""
 "IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 "<quote>none</quote> n'autorise pas la récupération explicite des paramètres "
 "selinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
@@ -3281,12 +3279,12 @@ msgstr ""
 "gérer le chargement selinux"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
@@ -3296,7 +3294,7 @@ msgstr ""
 "fournisseurs de sous-domaine pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3308,7 +3306,7 @@ msgstr ""
 "IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3317,18 +3315,57 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 "<quote>none</quote> désactive la récupération explicite des sous-domaines."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+#, fuzzy
+#| msgid "selinux_provider (string)"
+msgid "session_provider (string)"
+msgstr "selinux_provider (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+#, fuzzy
+#| msgid ""
+#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
+#| "selinux loading requests."
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+"Par défaut : <quote>id_provider</quote> est utilisé s'il est défini et peut "
+"gérer le chargement selinux"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -3336,7 +3373,7 @@ msgstr ""
 "en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3348,7 +3385,7 @@ msgstr ""
 "LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3360,34 +3397,25 @@ msgstr ""
 "IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
-#, fuzzy
-#| msgid ""
-#| "<quote>ipa</quote> to load maps stored in an IPA server. See "
-#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring IPA."
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> for more information on configuring the AD provider."
 msgstr ""
-"<quote>ipa</quote> pour charger les cartes stockées sur un serveur  IPA. Cf. "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> pour plus d'information sur la configuration de "
-"IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "<quote>none</quote> désactive explicitement autofs."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -3396,7 +3424,7 @@ msgstr ""
 "systèmes.  Les fournisseurs de hostid pris en charge sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3408,12 +3436,12 @@ msgstr ""
 "configuration de IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "<quote>none</quote> désactive explicitement hostid."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3429,7 +3457,7 @@ msgstr ""
 "domaine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3442,22 +3470,22 @@ msgstr ""
 "styles différents pour les noms d'utilisateurs :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr "username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr "username@domain.name"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr "domain\\username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
@@ -3467,7 +3495,7 @@ msgstr ""
 "utilisateurs de domaines Windows."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3478,7 +3506,7 @@ msgstr ""
 "importe le domaine après »"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3490,7 +3518,7 @@ msgstr ""
 "prendre en charge les sous-motifs nommés multiples."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
@@ -3499,17 +3527,17 @@ msgstr ""
 "la syntaxe Python (?P&lt;name&gt;) pour nommer les sous-motifs."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Par défaut : <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -3518,70 +3546,83 @@ msgstr ""
 "utiliser pour effectuer les requêtes DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr "Valeurs prises en charge :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 "ipv4_first : essayer de chercher une adresse IPv4, et en cas d'échec, "
 "essayer IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 "ipv4_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 "ipv6_first : essayer de chercher une adresse IPv6, et en cas d'échec, tenter "
 "IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 "ipv6_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr "Par défaut : ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
+#, fuzzy
+#| msgid ""
+#| "Defines the amount of time (in seconds) to wait for a reply from the DNS "
+#| "resolver before assuming that it is unreachable. If this timeout is "
+#| "reached, the domain will continue to operate in offline mode."
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
 msgstr ""
 "Délai (en secondes) d'attente de la réponse du résolveur DNS avant de "
 "considérer qu'il est injoignable. Si ce délai maximum est atteint, le "
 "domaine continuera à opérer en mode déconnecté."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2643
+msgid ""
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "Par défaut : 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -3590,54 +3631,54 @@ msgstr ""
 "du domaine faisant partie de la requête DNS de découverte de services."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 "Par défaut : utiliser la partie du domaine qui est dans le nom de système de "
 "la machine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr "override_gid (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr "Redéfinit le GID primaire avec la valeur spécifiée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr "case_sensitive (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr "True"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr "False"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr "Insensible à la casse."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr "Preserving"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3649,7 +3690,7 @@ msgstr ""
 "sortie."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3657,17 +3698,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr "Par défaut : true (false pour le fournisseur AD)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr "subdomain_inherit (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3675,34 +3716,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr "ignore_group_members"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3712,34 +3753,32 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Exemple : <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
-#, fuzzy
-#| msgid "This option is not available in IPA provider."
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
-msgstr "Cette option n'est pas disponible dans le fournisseur IPA."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr "nom plat (NetBIOS) d'un sous-domaine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3755,7 +3794,7 @@ msgstr ""
 "\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
@@ -3763,17 +3802,17 @@ msgstr ""
 "emphasis>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "Par défaut : <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
@@ -3781,14 +3820,12 @@ msgstr ""
 "ce domaine."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
-#, fuzzy
-#| msgid "memcache_timeout (int)"
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
-msgstr "memcache_timeout (int)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3796,12 +3833,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3809,7 +3846,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3821,17 +3858,17 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr "Le proxy cible duquel PAM devient mandataire."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
@@ -3840,12 +3877,12 @@ msgstr ""
 "ou en créer une nouvelle et ajouter le nom de service ici."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3856,12 +3893,12 @@ msgstr ""
 "$(libName)_$(function), par exemple _nss_files_getpwent."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3875,14 +3912,12 @@ msgstr ""
 "afin d'améliorer les performances."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
-#, fuzzy
-#| msgid "min_id,max_id (integer)"
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
-msgstr "min_id,max_id (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3890,7 +3925,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
@@ -3899,12 +3934,12 @@ msgstr ""
 "id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3921,7 +3956,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3929,21 +3964,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
-#, fuzzy
-#| msgid "Section parameters"
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
-msgstr "Paramètres de sections"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
-#, fuzzy
-#| msgid "subdomain_inherit (string)"
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
-msgstr "subdomain_inherit (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3952,18 +3983,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3983,12 +4013,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr "La section du domaine local"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3999,29 +4029,29 @@ msgstr ""
 "dire un domaine qui utilise <replaceable>id_provider=local</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr "default_shell (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 "L'interpréteur de commandes par défaut pour les utilisateurs créés avec les "
 "outils en espace utilisateur SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Par défaut : <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr "base_directory (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
@@ -4030,17 +4060,17 @@ msgstr ""
 "replaceable> et l'utilisent comme dossier personnel."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr "Par défaut : <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr "create_homedir (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
@@ -4049,17 +4079,17 @@ msgstr ""
 "utilisateurs. Peut être outrepassé par la ligne de commande."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr "Par défaut : TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
@@ -4068,12 +4098,12 @@ msgstr ""
 "suppression des utilisateurs. Peut être outrepassé par la ligne de commande."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -4084,17 +4114,17 @@ msgstr ""
 "défaut sur un répertoire personnel nouvellement créé."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr "Par défaut : 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr "skel_dir (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -4107,17 +4137,17 @@ msgstr ""
 "manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Par défaut : <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr "mail_dir (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -4128,17 +4158,17 @@ msgstr ""
 "précisé, la valeur par défaut est utilisée."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Par défaut : <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -4149,102 +4179,85 @@ msgstr ""
 "code en retour de la commande n'est pas pris en compte."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr "Par défaut : None, aucune commande lancée"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
-#, fuzzy
-#| msgid "DOMAIN SECTIONS"
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
-msgstr "SECTIONS DOMAINES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
-#, fuzzy
-#| msgid "ldap_search_base (string)"
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
-msgstr "ldap_search_base (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
-#, fuzzy
-#| msgid "ldap_user_search_base (string)"
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
-msgstr "ldap_user_search_base (chaînes)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
-#, fuzzy
-#| msgid "ldap_group_search_base (string)"
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
-msgstr "ldap_group_search_base (chaînes)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
-#, fuzzy
-#| msgid "ldap_netgroup_search_base (string)"
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
-msgstr "ldap_netgroup_search_base (chaînes)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
-#, fuzzy
-#| msgid "ldap_service_search_base (string)"
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
-msgstr "ldap_service_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
-#, fuzzy
-#| msgid "ad_server, ad_backup_server (string)"
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
-msgstr "ad_server, ad_backup_server (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
-#, fuzzy
-#| msgid "use_fully_qualified_names (bool)"
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
-msgstr "use_fully_qualified_names (booléen)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
-msgstr "EXEMPLE"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4298,9 +4311,15 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
+#, fuzzy
+#| msgid ""
+#| "The following example shows a typical SSSD config. It does not describe "
+#| "configuration of the domains themselves - refer to documentation on "
+#| "configuring domains for more details.  <placeholder type=\"programlisting"
+#| "\" id=\"0\"/>"
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
@@ -4310,6 +4329,25 @@ msgstr ""
 "configuration des domaines pour plus de détails. <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -4364,7 +4402,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr "OPTIONS DE CONFIGURATION"
 
@@ -4390,7 +4428,7 @@ msgstr ""
 "la section de <quote>DÉCOUVERTE DE SERVICE</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
 "Le format de l'URI doit correspondre au format définit dans la RFC 2732 :"
@@ -4716,16 +4754,14 @@ msgstr ""
 "L'attribut LDAP correspondant à l'id du groupe primaire de l'utilisateur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr "Par défaut : gidNumber"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:303
-#, fuzzy
-#| msgid "ldap_user_principal (string)"
 msgid "ldap_user_primary_group (string)"
-msgstr "ldap_user_principal (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:306
@@ -4799,7 +4835,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -4822,7 +4858,7 @@ msgstr ""
 "n'est habituellement nécessaire que pour les serveurs Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -4832,7 +4868,7 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr "ldap_user_modify_timestamp (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
@@ -4841,7 +4877,7 @@ msgstr ""
 "l'objet parent."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr "Par défaut : modifyTimestamp"
 
@@ -5307,8 +5343,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr "L'attribut LDAP correspondant au nom complet de l'utilisateur."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr "Par défaut : cn"
 
@@ -5412,118 +5448,167 @@ msgstr "Par défaut : host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
-msgstr "ldap_user_certificate (chaîne)"
+#, fuzzy
+#| msgid "ldap_user_authorized_host (string)"
+msgid "ldap_user_authorized_rhost (string)"
+msgstr "ldap_user_authorized_host (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
-msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+#, fuzzy
+#| msgid ""
+#| "If access_provider=ldap and ldap_access_order=host, SSSD will use the "
+#| "presence of the host attribute in the user's LDAP entry to determine "
+#| "access privilege."
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
 msgstr ""
+"Si access_provider=ldap et ldap_access_order=host, SSSD va utiliser la "
+"présence de l'attribut host dans l'entrée LDAP de l'utilisateur pour "
+"déterminer les autorisations d'accès."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
+#: sssd-ldap.5.xml:843
 #, fuzzy
 #| msgid ""
-#| "Default: not set in the general case, objectGUID for AD and ipaUniqueID "
-#| "for IPA"
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#| "An explicit deny (!host) is resolved first. Second, SSSD searches for "
+#| "explicit allow (host) and finally for allow_all (*)."
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
 msgstr ""
-"Par défaut : non défini dans le cas général, objectGUID pour AD et "
-"ipaUniqueID pour IPA"
+"Le refus explicite (!host) est résolu en premier. SSSD recherche ensuite les "
+"autorisations explicites (host) et enfin toutes les autorisations (*)."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+#, fuzzy
+#| msgid ""
+#| "Please note that the ldap_access_order configuration option "
+#| "<emphasis>must</emphasis> include <quote>host</quote> in order for the "
+#| "ldap_user_authorized_host option to work."
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+"Noter que l'option de configuration ldap_access_order <emphasis>doit</"
+"emphasis> inclure <quote>host</quote> de façon à permettre à l'option "
+"ldap_user_authorized_host de fonctionner."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+#, fuzzy
+#| msgid "Default: host"
+msgid "Default: rhost"
+msgstr "Par défaut : host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr "ldap_user_certificate (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:868
 #, fuzzy
-#| msgid "ldap_user_shell (string)"
+#| msgid "Default: filter"
+msgid "Default: userCertificate;binary"
+msgstr "Par défaut : filter"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
-msgstr "ldap_user_shell (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
-#, fuzzy
-#| msgid "The LDAP attribute that contains the names of the group's members."
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
-msgstr "L'attribut LDAP contenant les noms des membres du groupe."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-#, fuzzy
-#| msgid "Default: false"
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
-msgstr "Par défaut : false"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr "ldap_group_object_class (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr "La classe d'objet d'une entrée de groupe dans LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr "Par défaut : posixGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr "ldap_group_name (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr "L'attribut LDAP correspondant au nom du groupe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr "ldap_group_gid_number (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr "L'attribut LDAP correspondant à l'identifiant de groupe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr "ldap_group_member (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr "L'attribut LDAP contenant les noms des membres du groupe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr "Par défaut : memberuid (rfc2307) / member (rfc2307bis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr "ldap_group_uuid (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr "ldap_group_objectsid (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
@@ -5532,17 +5617,17 @@ msgstr ""
 "n'est habituellement nécessaire que pour les serveurs Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr "ldap_group_modify_timestamp (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr "ldap_group_type (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
@@ -5551,7 +5636,7 @@ msgstr ""
 "voire d'autres indicateurs."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -5562,42 +5647,34 @@ msgstr ""
 "hors des domaines approuvés."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
-#, fuzzy
-#| msgid "Default: groupType in the AD provider, othewise not set"
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
-"Par défaut : groupType dans le fournisseur AD, non configuré pour les autres"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
-#, fuzzy
-#| msgid "ldap_group_member (string)"
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
-msgstr "ldap_group_member (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
-#, fuzzy
-#| msgid "Default: groupType in the AD provider, othewise not set"
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
-"Par défaut : groupType dans le fournisseur AD, non configuré pour les autres"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr "ldap_group_nesting_level (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -5609,7 +5686,7 @@ msgstr ""
 "schéma RFC2307."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -5619,7 +5696,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -5629,17 +5706,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr "Par défaut : 2"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr "ldap_groups_use_matching_rule_in_chain"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -5651,7 +5728,7 @@ msgstr ""
 "complexes."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
@@ -5661,7 +5738,7 @@ msgstr ""
 "imbrications très complexes."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -5672,7 +5749,7 @@ msgstr ""
 "essentiellement « auto-detect »."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -5685,12 +5762,12 @@ msgstr ""
 "documentation de MSDN(TM)</ulink> pour plus de détails."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr "ldap_initgroups_use_matching_rule_in_chain"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -5702,7 +5779,7 @@ msgstr ""
 "complexes)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
@@ -5712,76 +5789,76 @@ msgstr ""
 "2008 et versions ultérieures."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr "ldap_netgroup_object_class (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr "La classe d'objet d'une entrée de netgroup dans LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
 "Pour un fournisseur IPA, ipa_netgroup_object_class doit être utilisé à la "
 "place."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr "Par défaut : nisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr "ldap_netgroup_name (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr "L'attribut LDAP correspondant au nom du netgroup."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr ""
 "Dans le fournisseur IPA, ipa_netgroup_name doit être utilisé à la place."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr "ldap_netgroup_member (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr "L'attribut LDAP contenant les noms des membres du netgroup."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
 "Dans le fournisseur IPA, ipa_netgroup_member doit être utilisé à la place."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr "Par défaut : memberNisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr "ldap_netgroup_triple (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
@@ -5789,42 +5866,42 @@ msgstr ""
 "netgroup."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr "Cette option n'est pas disponible dans le fournisseur IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr "Par défaut : nisNetgroupTriple"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr "ldap_netgroup_modify_timestamp (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr "ldap_service_object_class (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr "La classe d'objet d'une entrée de service LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr "Par défaut : ipService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr "ldap_service_name (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
@@ -5833,48 +5910,48 @@ msgstr ""
 "alias."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr "ldap_service_port (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr "L'attribut LDAP qui contient le port géré par ce service."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr "Par défaut : ipServicePort"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr "ldap_service_proto (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr "L'attribut LDAP qui contient les protocoles compris par ce service."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr "Par défaut : ipServiceProtocol"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr "ldap_service_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr "ldap_search_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -5885,7 +5962,7 @@ msgstr ""
 "activation du mode hors ligne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -5896,12 +5973,12 @@ msgstr ""
 "différents types de recherches."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr "ldap_enumeration_search_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -5912,12 +5989,12 @@ msgstr ""
 "résultats mis en cache (et activation du mode hors ligne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr "ldap_network_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -5934,12 +6011,12 @@ msgstr ""
 "citerefentry> rendent la main en cas d'inactivité."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr "ldap_opt_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -5948,12 +6025,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr "ldap_connection_expire_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -5966,17 +6043,17 @@ msgstr ""
 "courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr "Par défaut : 900 (15 minutes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr "ldap_page_size (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
@@ -5985,17 +6062,17 @@ msgstr ""
 "Certains serveurs LDAP imposent une limite maximale par requête."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr "Par défaut : 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr "ldap_disable_paging (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -6007,7 +6084,7 @@ msgstr ""
 "correctement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
@@ -6017,7 +6094,7 @@ msgstr ""
 "sera impossible de l'utiliser."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -6028,17 +6105,17 @@ msgstr ""
 "cela peut entraîner l'échec de certaines demandes."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr "ldap_disable_range_retrieval (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr "Désactiver la récupération de plage Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -6054,12 +6131,12 @@ msgstr ""
 "apparaissant ainsi sans aucun membre."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr "ldap_sasl_minssf (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6070,19 +6147,19 @@ msgstr ""
 "de cette option sont définies par OpenLDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 "Par défaut : Utiliser la valeur par défaut du système (généralement spécifié "
 "par ldap.conf)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr "ldap_deref_threshold (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6093,7 +6170,7 @@ msgstr ""
 "membres manquants est inférieur, ils sont recherchés individuellement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
@@ -6101,7 +6178,7 @@ msgstr ""
 "affectant la valeur 0."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6114,7 +6191,7 @@ msgstr ""
 "acceptés sont 389/RHDS, OpenLDAP et Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6125,12 +6202,12 @@ msgstr ""
 "déréférencement est désactivée indépendamment de ce paramètre."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr "ldap_tls_reqcert (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
@@ -6139,7 +6216,7 @@ msgstr ""
 "session TLS, si elle existe. Une des valeurs suivantes est utilisable :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
@@ -6148,7 +6225,7 @@ msgstr ""
 "quelconque certificat du serveur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6159,7 +6236,7 @@ msgstr ""
 "certificat est fourni, il est ignoré et la session continue normalement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6170,7 +6247,7 @@ msgstr ""
 "certificat est fourni, la session se termine immédiatement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -6181,22 +6258,22 @@ msgstr ""
 "immédiatement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr "Par défaut : hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr "ldap_tls_cacert (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
@@ -6205,7 +6282,7 @@ msgstr ""
 "certification que <command>sssd</command> reconnaîtra."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
@@ -6214,12 +6291,12 @@ msgstr ""
 "<filename>/etc/openldap/ldap.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr "ldap_tls_cacertdir (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -6233,32 +6310,32 @@ msgstr ""
 "corrects."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr "ldap_tls_cert (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr "Définit le fichier qui contient le certificat pour la clef du client."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr "ldap_tls_key (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr "Définit le fichier qui contient la clef du client."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr "ldap_tls_cipher_suite (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6266,12 +6343,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr "ldap_id_use_start_tls (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
@@ -6281,12 +6358,12 @@ msgstr ""
 "canal."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr "ldap_id_mapping (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6298,21 +6375,19 @@ msgstr ""
 "ldap_group_gid_number."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 "Cette fonctionnalité ne prend actuellement en charge que la correspondance "
 "par objectSID avec Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
-#, fuzzy
-#| msgid "ldap_min_id, ldap_max_id (interger)"
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
-msgstr "ldap_min_id, ldap_max_id (entiers)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6332,17 +6407,17 @@ msgstr ""
 "identifiants."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr "Par défaut : non indiqué (les deux options sont à 0)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr "ldap_sasl_mech (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
@@ -6351,12 +6426,12 @@ msgstr ""
 "pris en charge."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr "ldap_sasl_authid (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -6370,17 +6445,17 @@ msgstr ""
 "exemple host/myhost)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr "Par défaut : host/hostname@REALM"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr "ldap_sasl_realm (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6391,17 +6466,17 @@ msgstr ""
 "domaine, cette option est ignorée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr "Par défaut : la valeur de krb5_realm."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr "ldap_sasl_canonicalize (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
@@ -6410,34 +6485,34 @@ msgstr ""
 "le nom de l'hôte au cours d'une liaison SASL."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr "Défaut : false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr "ldap_krb5_keytab (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr "Définit le fichier keytab à utiliser pour utiliser SASL/GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 "Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5."
 "keytab</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr "ldap_krb5_init_creds (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -6448,27 +6523,27 @@ msgstr ""
 "SASL est utilisé et que le mécanisme choisi est GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr "ldap_krb5_ticket_lifetime (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr "Définit la durée de vie, en secondes, des TGT si GSSAPI est utilisé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr "Par défaut : 86400 (24 heures)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr "krb5_server, krb5_backup_server (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -6488,7 +6563,7 @@ msgstr ""
 "<quote>DÉCOUVERTE DE  SERVICES</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -6499,7 +6574,7 @@ msgstr ""
 "comme protocole, et passe sur _tcp si aucune entrée n'est trouvée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -6511,29 +6586,29 @@ msgstr ""
 "l'utilisation de <quote>krb5_server</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr "krb5_realm (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr "Définit le DOMAINE de Kerberos (pour l'authentification SASL/GSSAPI)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 "Par défaut : valeur par défaut du système, voir <filename>/etc/krb5.conf</"
 "filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr "krb5_canonicalize (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -6543,12 +6618,12 @@ msgstr ""
 "Kerberos > = 1.7"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr "krb5_use_kdcinfo (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6563,7 +6638,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -6575,12 +6650,12 @@ msgstr ""
 "localisation."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr "ldap_pwd_policy (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
@@ -6589,7 +6664,7 @@ msgstr ""
 "valeurs suivantes sont acceptées :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
@@ -6598,7 +6673,7 @@ msgstr ""
 "peut pas désactiver la politique sur les mots de passe du côté serveur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -6609,7 +6684,7 @@ msgstr ""
 "manvolnum></citerefentry> pour évaluer si le mot de passe a expiré."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6621,7 +6696,7 @@ msgstr ""
 "est changé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
@@ -6630,17 +6705,17 @@ msgstr ""
 "côté serveur, elle prend le pas sur la politique indiquée avec cette option."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr "ldap_referrals (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr "Définit si le déréférencement automatique doit être activé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
@@ -6649,7 +6724,7 @@ msgstr ""
 "compilé avec OpenLDAP version 2.4.13 ou supérieur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6663,29 +6738,29 @@ msgstr ""
 "permettre d'améliorer de façon notable les performances."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr "ldap_dns_service_name (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 "Définit le nom de service à utiliser quand la découverte de services est "
 "activée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr "Par défaut : ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr "ldap_chpass_dns_service_name (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
@@ -6694,19 +6769,19 @@ msgstr ""
 "un changement de mot de passe quand la découverte de services est activée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 "Par défaut : non défini, c'est-à-dire que le service de découverte est "
 "désactivé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr "ldap_chpass_update_last_change (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
@@ -6716,12 +6791,12 @@ msgstr ""
 "de passe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr "ldap_access_filter (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6737,12 +6812,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr "Exemple :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6754,7 +6829,7 @@ msgstr ""
 "                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
@@ -6763,35 +6838,26 @@ msgstr ""
 "dont l'attribut employeeType est « admin »."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
-#, fuzzy
-#| msgid ""
-#| "Offline caching for this feature is limited to determining whether the "
-#| "user's last online login was granted access permission. If they were "
-#| "granted access during their last login, they will continue to be granted "
-#| "access while offline and vice-versa."
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
 "access during their last login, they will continue to be granted access "
 "while offline and vice versa."
 msgstr ""
-"Le cache hors-ligne pour cette fonctionnalité est limité à la détermination "
-"du fait que la dernière connexion en ligne de l'utilisateur a été autorisée. "
-"Si tel était le cas, l'accès sera conservé en mode hors-ligne et vice-versa."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr "Par défaut : vide"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr "ldap_account_expire_policy (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
@@ -6800,7 +6866,7 @@ msgstr ""
 "être activée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6812,12 +6878,12 @@ msgstr ""
 "correct."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr "Les valeurs suivantes sont autorisées :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
@@ -6826,7 +6892,7 @@ msgstr ""
 "pour déterminer si le compte a expiré."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6839,7 +6905,7 @@ msgstr ""
 "d'expiration du compte est aussi vérifiée."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6850,7 +6916,7 @@ msgstr ""
 "l'accès est autorisé ou non."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6863,7 +6929,7 @@ msgstr ""
 "est autorisé. Si les deux attributs sont manquants, l'accès est autorisé."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -6874,24 +6940,24 @@ msgstr ""
 "ldap_account_expire_policy de fonctionner."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr "ldap_access_order (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 "Liste séparées par des virgules des options de contrôles d'accès. Les "
 "valeurs autorisées sont :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr "<emphasis>filter</emphasis> : utiliser ldap_access_filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6901,14 +6967,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6921,12 +6987,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6936,7 +7002,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -6946,20 +7012,20 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
@@ -6968,18 +7034,36 @@ msgstr ""
 "authorizedService pour déterminer l'accès"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 "<emphasis>host</emphasis> : utilise l'attribut host pour déterminer l'accès"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+#, fuzzy
+#| msgid ""
+#| "<emphasis>host</emphasis>: use the host attribute to determine access"
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+"<emphasis>host</emphasis> : utilise l'attribut host pour déterminer l'accès"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr "Par défaut : filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
@@ -6988,12 +7072,12 @@ msgstr ""
 "de configuration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr "ldap_pwdlockout_dn (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -7002,22 +7086,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr "Exemple : cn=ppolicy,ou=policies,dc=example,dc=com"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr "ldap_deref (chaînes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
@@ -7026,12 +7110,12 @@ msgstr ""
 "recherche. Les options suivantes sont autorisées :"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
@@ -7041,7 +7125,7 @@ msgstr ""
 "recherche."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
@@ -7050,7 +7134,7 @@ msgstr ""
 "la localisation de l'objet de base de la recherche."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
@@ -7059,7 +7143,7 @@ msgstr ""
 "recherche et et la localisation de l'objet de base de la recherche."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
@@ -7068,12 +7152,12 @@ msgstr ""
 "bibliothèques clientes LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr "ldap_rfc2307_fallback_to_local_users (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
@@ -7082,7 +7166,7 @@ msgstr ""
 "LDAP pour les serveurs qui utilisent le schéma RFC2307."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -7100,7 +7184,7 @@ msgstr ""
 "initgoups()."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -7111,26 +7195,26 @@ msgstr ""
 "ajoutent les utilisateurs locaux aux groupes LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
 #, fuzzy
 #| msgid "ldap_opt_timeout (integer)"
-msgid "wildcart_limit (integer)"
+msgid "wildcard_limit (integer)"
 msgstr "ldap_opt_timeout (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -7150,12 +7234,12 @@ msgstr ""
 "détails. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr "OPTIONS DE SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -7163,52 +7247,52 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr "ldap_sudorule_object_class (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr "La classe d'objet d'une entrée de règle de sudo dans LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr "Par défaut : sudoRole"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr "ldap_sudorule_name (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr "L'attribut LDAP qui correspond au nom de la règle de sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr "ldap_sudorule_command (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr "L'attribut LDAP qui correspond au nom de la commande."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr "Par défaut : sudoCommand"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr "ldap_sudorule_host (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
@@ -7217,17 +7301,17 @@ msgstr ""
 "réseau IP de l'hôte ou netgroup de l'hôte)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr "Par défaut : sudoHost"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr "ldap_sudorule_user (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
@@ -7236,32 +7320,32 @@ msgstr ""
 "groupe ou netgroup de l'utilisateur)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr "Par défaut : sudoUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr "ldap_sudorule_option (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr "L'attribut LDAP qui correspond aux options sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr "Par défaut : sudoOption"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr "ldap_sudorule_runasuser (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
@@ -7270,17 +7354,17 @@ msgstr ""
 "nom d'utilisateur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr "Par défaut : sudoRunAsUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr "ldap_sudorule_runasgroup (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
@@ -7289,17 +7373,17 @@ msgstr ""
 "les commandes seront être exécutées."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr "Par défaut : sudoRunAsGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr "ldap_sudorule_notbefore (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
@@ -7308,17 +7392,17 @@ msgstr ""
 "règle sudo est valide."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr "Par défaut : sudoNotBefore"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr "ldap_sudorule_notafter (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
@@ -7327,32 +7411,32 @@ msgstr ""
 "règle sudo ne sera plus valide."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr "Par défaut : sudoNotAfter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr "ldap_sudorule_order (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr "L'attribut LDAP qui correspond à l'index de tri de la règle."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr "Par défaut : sudoOrder"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr "ldap_sudo_full_refresh_interval (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
@@ -7362,7 +7446,7 @@ msgstr ""
 "règles qui sont stockées sur le serveur)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
@@ -7371,17 +7455,17 @@ msgstr ""
 "emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr "Par défaut : 21600 (6 heures)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr "ldap_sudo_smart_refresh_interval (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -7393,7 +7477,7 @@ msgstr ""
 "cache)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
@@ -7402,12 +7486,12 @@ msgstr ""
 "modifyTimestamp est utilisé à la place."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr "ldap_sudo_use_host_filter (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -7417,12 +7501,12 @@ msgstr ""
 "noms de systèmes)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr "ldap_sudo_hostnames (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
@@ -7431,7 +7515,7 @@ msgstr ""
 "doivent être utilisés pour filtrer les règles."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
@@ -7440,8 +7524,8 @@ msgstr ""
 "nom de système et le nom de domaine pleinement qualifié."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
@@ -7450,17 +7534,17 @@ msgstr ""
 "emphasis>, alors cette option n'a aucun effet."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr "Par défaut : non spécifié"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr "ldap_sudo_ip (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
@@ -7469,7 +7553,7 @@ msgstr ""
 "IPv6 qui doivent être utilisés pour filtrer les règles."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
@@ -7478,12 +7562,12 @@ msgstr ""
 "automatiquement."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr "ldap_sudo_include_netgroups (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
@@ -7492,12 +7576,12 @@ msgstr ""
 "netgroup dans l'attribut sudoHost."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr "ldap_sudo_include_regexp (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
@@ -7506,7 +7590,7 @@ msgstr ""
 "un joker dans l'attribut sudoHost."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7519,94 +7603,88 @@ msgstr ""
 "manvolnum></citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr "OPTIONS AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr "ldap_autofs_map_master_name (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr "Le nom de la table de montage automatique maîtresse dans LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr "Par défaut : auto.master"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr "ldap_autofs_map_object_class (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr ""
 "La classe d'objet d'une entrée de table de montage automatique dans LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr "ldap_autofs_map_name (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr "Le nom d'une entrée de table de montage automatique dans LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr "ldap_autofs_entry_object_class (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
-#, fuzzy
-#| msgid ""
-#| "The key of an automount entry in LDAP. The entry usually corresponds to a "
-#| "mount point."
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
-"La clé d'une entrée de montage automatique dans LDAP. L'entrée correspond "
-"généralement à un point de montage."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr "ldap_autofs_entry_key (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
@@ -7615,24 +7693,24 @@ msgstr ""
 "généralement à un point de montage."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr "ldap_autofs_entry_value (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -7645,56 +7723,56 @@ msgstr ""
 "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr "OPTIONS AVANCÉES"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr "ldap_netgroup_search_base (chaînes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr "ldap_user_search_base (chaînes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr "ldap_group_search_base (chaînes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr "<note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr "</note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr "ldap_sudo_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr "ldap_autofs_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7702,8 +7780,15 @@ msgid ""
 "\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr "EXEMPLE"
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7714,7 +7799,7 @@ msgstr ""
 "replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7734,26 +7819,27 @@ msgstr ""
 "cache_credentials = true\n"
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7779,13 +7865,13 @@ msgstr ""
 "cache_credentials = true\n"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "NOTES"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7963,10 +8049,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:166
-#, fuzzy
-#| msgid "<option>forward_pass</option>"
 msgid "<option>allow_missing_name</option>"
-msgstr "<option>forward_pass</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:170
@@ -7996,10 +8080,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:190
-#, fuzzy
-#| msgid "<option>retry=N</option>"
 msgid "<option>prompt_always</option>"
-msgstr "<option>retry=N</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:194
@@ -8152,18 +8234,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd_krb5_locator_plugin.8.xml:73
-#, fuzzy
-#| msgid ""
-#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-#| "debug messages will be sent to stderr."
 msgid ""
 "If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value "
 "the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the "
 "caller."
 msgstr ""
-"Si la variable d'environnement SSSD_KRB5_LOCATOR_DEBUG a une valeur "
-"quelconque, des messages de débogage seront envoyés sur la sortie standard "
-"d'erreur."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-simple.5.xml:10 sssd-simple.5.xml:16
@@ -8399,9 +8474,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -8485,7 +8560,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -8838,22 +8913,14 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:66
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
-"Les expansions suivantes sont prises en charge : <placeholder type="
-"\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:336
-#, fuzzy
-#| msgid "ID MAPPING"
 msgid "MAPPING RULE"
-msgstr "CORRESPONDANCE D'IDENTIFIANTS"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:338
@@ -8870,7 +8937,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -8890,8 +8957,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -8985,7 +9052,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -9003,8 +9070,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -9023,9 +9090,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -9038,7 +9105,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -9058,7 +9125,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -9174,7 +9241,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -9182,10 +9249,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:590
-#, fuzzy
-#| msgid "DOMAIN SECTIONS"
 msgid "DOMAIN LIST"
-msgstr "SECTIONS DOMAINES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:592
@@ -9237,14 +9302,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:43
-#, fuzzy
-#| msgid ""
-#| "The IPA provider accepts the same options used by the <citerefentry> "
-#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> identity provider and the <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> authentication provider with some exceptions described "
-#| "below."
 msgid ""
 "The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
@@ -9254,11 +9311,6 @@ msgid ""
 "options used by the sssd-ldap and sssd-krb5 providers with some exceptions. "
 "However, it is neither necessary nor recommended to set these options."
 msgstr ""
-"Le fournisseur IPA accepte les mêmes options utilisées par le fournisseur "
-"d'identité <citerefentry><refentrytitle>sssd-ldap</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> et le fournisseur d'authentification "
-"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> avec les quelques exceptions décrites ci-dessous."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:57
@@ -9270,23 +9322,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:62
-#, fuzzy
-#| msgid ""
-#| "However, it is neither necessary nor recommended to set these options.  "
-#| "IPA provider can also be used as an access and chpass provider. As an "
-#| "access provider it uses HBAC (host-based access control) rules. Please "
-#| "refer to freeipa.org for more information about HBAC. No configuration of "
-#| "access provider is required on the client side."
 msgid ""
 "As an access provider, the IPA provider uses HBAC (host-based access "
 "control)  rules. Please refer to freeipa.org for more information about "
 "HBAC. No configuration of access provider is required on the client side."
 msgstr ""
-"Toutefois, il n'est ni nécessaire ni recommandé de définir ces options.  Le "
-"fournisseur IPA peut également servir comme fournisseur d'accès et chpass. "
-"En tant que fournisseur d'accès, il utilise des règles HBAC (host-based "
-"access control). Veuillez consulter freeipa.org pour plus d'informations sur "
-"HBAC. Aucune configuration de fournisseur d'accès n'est requise côté client."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:67
@@ -9342,28 +9382,26 @@ msgstr "ipa_hostname (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:113
+#, fuzzy
+#| msgid ""
+#| "Optional. May be set on machines where the hostname(5) does not reflect "
+#| "the fully qualified name used in the IPA domain to identify this host."
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 "Facultatif. Peut être défini pour des machines dont le hostname(5) ne "
 "reflète pas le nom de domaine pleinement qualifié du domaine IPA pour "
 "identifier l'hôte."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr "dyndns_update (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
-#, fuzzy
-#| msgid ""
-#| "Optional. This option tells SSSD to automatically update the DNS server "
-#| "built into FreeIPA v2 with the IP address of this client. The update is "
-#| "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-#| "for the updates, if it is not otherwise specified by using the "
-#| "<quote>dyndns_iface</quote> option."
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -9371,14 +9409,9 @@ msgid ""
 "updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
 "quote> option."
 msgstr ""
-"Facultatif. Cette option indique à SSSD de mettre à jour automatiquement le "
-"serveur DNS intégré à IPA v2 avec l'adresse IP de ce client. La mise à jour "
-"est sécurisée avec GSS-TSIG. L'adresse IP de la connexion LDAP IPA est "
-"utilisée pour les mises à jour, à moins qu'elle ne soit spécifiée par "
-"l'utilisation de l'option <quote>dyndns_iface</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -9388,7 +9421,7 @@ msgstr ""
 "être défini correctement dans /etc/krb5.conf"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -9400,12 +9433,12 @@ msgstr ""
 "configuration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr "dyndns_ttl (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -9416,7 +9449,7 @@ msgstr ""
 "TTL côté serveur s'il est défini par un administrateur."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -9427,33 +9460,26 @@ msgstr ""
 "utiliser <emphasis>dyndns_ttl</emphasis> dans leur fichier de configuration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr "Par défaut : 1200 (secondes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr "dyndns_iface (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
-#, fuzzy
-#| msgid ""
-#| "Optional. Applicable only when dyndns_update is true. Choose the "
-#| "interface whose IP address should be used for dynamic DNS updates."
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
 "updates. Special value <quote>*</quote> implies that IPs from all interfaces "
 "should be used."
 msgstr ""
-"Facultatif. Applicable seulement quand dyndns_update est vrai. Choisit "
-"l'interface dont l'adresse IP sera utilisée pour les mises à jour dynamiques "
-"du DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -9465,28 +9491,24 @@ msgstr ""
 "configuration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
-#, fuzzy
-#| msgid "Default: Use the IP address of the IPA LDAP connection"
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
-msgstr "Par défaut : utilise l'adresse IP de la connexion IPA LDAP"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
-#, fuzzy
-#| msgid "dyndns_iface (string)"
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
-msgstr "dyndns_iface (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -9494,24 +9516,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
-msgstr "Par défaut : 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr "ipa_enable_dns_sites (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr "Active les sites DNS - découverte de service basée sur l'emplacement"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -9531,12 +9551,12 @@ msgstr ""
 "seront utilisés comme serveurs de repli"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr "dyndns_refresh_interval (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -9548,12 +9568,12 @@ msgstr ""
 "configurée à true."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr "dyndns_update_ptr (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -9563,7 +9583,7 @@ msgstr ""
 "l'option dyndns_update est configurée à true."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
@@ -9573,17 +9593,17 @@ msgstr ""
 "quand les enregistrements directs sont modifiés."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr "Par défaut : False (désactivé)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr "dyndns_force_tcp (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
@@ -9592,77 +9612,92 @@ msgstr ""
 "communication avec le serveur DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr "Par défaut : False (laisser nsupdate choisir le protocole)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
-#, fuzzy
-#| msgid "dyndns_iface (string)"
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
-msgstr "dyndns_iface (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
-#, fuzzy
-#| msgid "Default: False (let nsupdate choose the protocol)"
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
-msgstr "Par défaut : False (laisser nsupdate choisir le protocole)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
-msgstr "ipa_hbac_search_base (chaîne)"
+#: sssd-ipa.5.xml:311
+#, fuzzy
+#| msgid "ipa_views_search_base (string)"
+msgid "ipa_deskprofile_search_base (string)"
+msgstr "ipa_views_search_base (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+#, fuzzy
+#| msgid ""
+#| "Optional. Use the given string as search base for HBAC related objects."
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 "Facultatif. Utilise la chaîne donnée comme base de recherche pour les objets "
 "HBAC associés."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr "Par défaut : utilise le DN de base"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr "ipa_hbac_search_base (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+"Facultatif. Utilise la chaîne donnée comme base de recherche pour les objets "
+"HBAC associés."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr "ipa_host_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 "Facultatif. Utiliser la chaîne donnée comme base de recherche pour héberger "
 "des objets."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
@@ -9671,73 +9706,73 @@ msgstr ""
 "configuration des bases de recherche multiples."
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr "Par défaut : la valeur de <emphasis>ldap_search_base</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr "ipa_selinux_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 "Facultatif. Utiliser la chaîne donnée comme base de recherche pour les "
 "mappages utilisateur SELinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr "ipa_subdomains_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 "Facultatif. Utiliser la chaîne donnée comme base de recherche pour les "
 "domaines approuvés."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr "Par défaut : la valeur de <emphasis>cn=trusts,%basedn</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr "ipa_master_domain_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 "Facultatif. Utiliser la chaîne donnée comme base de recherche objet de "
 "domaine maître."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr "Par défaut : la valeur de <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr "ipa_views_search_base (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
@@ -9746,7 +9781,7 @@ msgstr ""
 "valeur de <quote>ipa_domain</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
@@ -9755,58 +9790,110 @@ msgstr ""
 "convertit en DN de base pour effectuer les opérations LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr "krb5_confd_path (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:465
+#, fuzzy
+#| msgid "ipa_hbac_refresh (integer)"
+msgid "ipa_deskprofile_refresh (integer)"
 msgstr "ipa_hbac_refresh (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:468
+#, fuzzy
+#| msgid ""
+#| "The amount of time between lookups of the HBAC rules against the IPA "
+#| "server. This will reduce the latency and load on the IPA server if there "
+#| "are many access-control requests made in a short period."
 msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
 msgstr ""
 "Le temps entre deux recherches de règles HBAC sur un serveur IPA. Cela "
 "permet de réduire le temps de latence et la charge du serveur IPA si il y a "
 "beaucoup de requêtes de contrôle d'accès sur une courte période."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
 msgid "Default: 5 (seconds)"
 msgstr "Par défaut : 5 (secondes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:481
+#, fuzzy
+#| msgid "ldap_sudo_full_refresh_interval (integer)"
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr "ldap_sudo_full_refresh_interval (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+#, fuzzy
+#| msgid ""
+#| "The amount of time between lookups of the HBAC rules against the IPA "
+#| "server. This will reduce the latency and load on the IPA server if there "
+#| "are many access-control requests made in a short period."
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+"Le temps entre deux recherches de règles HBAC sur un serveur IPA. Cela "
+"permet de réduire le temps de latence et la charge du serveur IPA si il y a "
+"beaucoup de requêtes de contrôle d'accès sur une courte période."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+#, fuzzy
+#| msgid "Default: 900 (15 minutes)"
+msgid "Default: 60 (minutes)"
+msgstr "Par défaut : 900 (15 minutes)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
+msgid "ipa_hbac_refresh (integer)"
+msgstr "ipa_hbac_refresh (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:498
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+"Le temps entre deux recherches de règles HBAC sur un serveur IPA. Cela "
+"permet de réduire le temps de latence et la charge du serveur IPA si il y a "
+"beaucoup de requêtes de contrôle d'accès sur une courte période."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr "ipa_hbac_selinux (entier)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -9817,194 +9904,192 @@ msgstr ""
 "requêtes de connexions utilisateurs sur une courte période."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr "ipa_server_mode (booléen)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr "ipa_automount_location (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr "L'emplacement à automonter qu'utilisera ce client IPA"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr "Par défaut : Le lieu nommé « default »"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr "ipa_view_class (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr "ipa_view_name (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
-#, fuzzy
-#| msgid "ipa_overide_object_class (string)"
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
-msgstr "ipa_overide_object_class (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr "ipa_anchor_uuid (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr "ipa_user_override_object_class (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr "ipa_group_override_object_class (chaîne)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -10014,12 +10099,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr "FOURNISSEURS DE SOUS-DOMAINES"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
@@ -10028,7 +10113,7 @@ msgstr ""
 "configuré explicitement ou implicitement."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -10040,7 +10125,7 @@ msgstr ""
 "serveur IPA si nécessaire."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -10060,7 +10145,7 @@ msgstr ""
 "fournisseur de sous-domaines est à nouveau activé."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -10071,7 +10156,7 @@ msgstr ""
 "exemples montrent seulement les options spécifiques au fournisseur IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -10108,11 +10193,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:36
-#, fuzzy
-#| msgid ""
-#| "The AD provider is a back end used to connect to an Active Directory "
-#| "server. This provider requires that the machine be joined to the AD "
-#| "domain and a keytab is available."
 msgid ""
 "The AD provider is a back end used to connect to an Active Directory server. "
 "This provider requires that the machine be joined to the AD domain and a "
@@ -10120,9 +10200,6 @@ msgid ""
 "channel, SSL/TLS options should not be used with the AD provider and will be "
 "superceded by Kerberos usage."
 msgstr ""
-"Le fournisseur AD est un moteur utilisé pour se connecter à un serveur "
-"Active Directory. Ce fournisseur exige que la machine soit jointe au domaine "
-"AD et qu'un fichier keytab soit disponible."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:44
@@ -10145,14 +10222,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:54
-#, fuzzy
-#| msgid ""
-#| "The AD provider accepts the same options used by the <citerefentry> "
-#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> identity provider and the <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> authentication provider with some exceptions described "
-#| "below."
 msgid ""
 "The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
@@ -10163,11 +10232,6 @@ msgid ""
 "exceptions. However, it is neither necessary nor recommended to set these "
 "options."
 msgstr ""
-"Le fournisseur AD accepte les mêmes options utilisées par le fournisseur "
-"d'identité <citerefentry><refentrytitle>sssd-ldap</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> et le fournisseur d'authentification "
-"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> avec les quelques exceptions décrites ci-dessous."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:69
@@ -10250,10 +10314,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:127
-#, fuzzy
-#| msgid "ad_domain (string)"
 msgid "ad_enabled_domains (string)"
-msgstr "ad_domain (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:130
@@ -10265,43 +10327,26 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
 #: sssd-ad.5.xml:140
-#, fuzzy, no-wrap
-#| msgid ""
-#| "subdomain_inherit = ldap_purge_cache_timeout\n"
-#| "                            "
+#, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
 "                            "
 msgstr ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-"                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:136
-#, fuzzy
-#| msgid ""
-#| "For proper operation, this option should be specified as the lower-case "
-#| "version of the long version of the Active Directory domain."
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
 "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"Pour un fonctionnement correct, cette option doit être le nom long du "
-"domaine Active Directory, spécifié en minuscules."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:144
-#, fuzzy
-#| msgid ""
-#| "The short domain name (also known as the NetBIOS or the flat name) is "
-#| "autodetected by the SSSD."
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
 msgstr ""
-"Le nom de domaine court (aussi connu comme le nom NetBIOS ou nom plat) est "
-"autodétecté par SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:154
@@ -10310,24 +10355,11 @@ msgstr "ad_server, ad_backup_server (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:157
-#, fuzzy
-#| msgid ""
-#| "The comma-separated list of hostnames of the AD servers to which SSSD "
-#| "should connect in order of preference. For more information on failover "
-#| "and server redundancy, see the <quote>FAILOVER</quote> section.  This is "
-#| "optional if autodiscovery is enabled.  For more information on service "
-#| "discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
 "redundancy, see the <quote>FAILOVER</quote> section."
 msgstr ""
-"La liste par ordre de préférence séparée par des virgules des noms de "
-"systèmes des serveurs AD auquel SSSD doit se connecter. Pour plus "
-"d'informations sur la redondance de serveurs et la bascule, consulter la "
-"section <quote>BASCULE</quote>. Ceci est facultatif si la découverte "
-"automatique est activée.  Pour plus d'informations sur la découverte de "
-"services, se reporter à la section de <quote>DÉCOUVERTE DE SERVICE</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:164
@@ -10455,17 +10487,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-ad.5.xml:273
-#, fuzzy, no-wrap
-#| msgid ""
-#| "# apply filter on domain called dom1 only:\n"
-#| "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
-#| "\n"
-#| "# apply filter on domain called dom2 only:\n"
-#| "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
-#| "\n"
-#| "# apply filter on forest called EXAMPLE.COM only:\n"
-#| "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
-#| "                        "
+#, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
 "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
@@ -10480,15 +10502,6 @@ msgid ""
 "DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n"
 "                        "
 msgstr ""
-"# applique le filtre sur le seul domaine dom1 :\n"
-"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
-"\n"
-"# applique le filtre sur le seul domaine dom2 :\n"
-"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
-"\n"
-"# applique le filtre sur la seule forêt nommée EXAMPLE.COM :\n"
-"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
-"                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:292
@@ -11049,34 +11062,28 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:819
-#, fuzzy
-#| msgid "Default: 300"
 msgid "Default: 30 days"
-msgstr "Par défaut : 300"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:825
-#, fuzzy
-#| msgid "pam_account_expired_message (string)"
 msgid "ad_machine_account_password_renewal_opts (string)"
-msgstr "pam_account_expired_message (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:837
-#, fuzzy
-#| msgid "Default: 86400 (24 hours)"
 msgid "Default: 86400:750 (24h and 15m)"
-msgstr "Par défaut : 86400 (24 heures)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:846
@@ -11103,20 +11110,13 @@ msgstr "Par défaut : 3600 (secondes)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:892
-#, fuzzy
-#| msgid "Default: Use the IP address of the AD LDAP connection"
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
-msgstr "Par défaut : utilise l'adresse IP de la connexion LDAP AD"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:905
-#, fuzzy
-#| msgid ""
-#| "How often should the back end perform periodic DNS update in addition to "
-#| "the automatic update performed when the back end goes online.  This "
-#| "option is optional and applicable only when dyndns_update is true."
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -11124,10 +11124,6 @@ msgid ""
 "lowest possible value is 60 seconds in-case if value is provided less than "
 "60, parameter will assume lowest value only."
 msgstr ""
-"Fréquence de mise à jour des DNS par le moteur en plus des mises à jour "
-"automatiques effectuées lorsque le moteur arrive en ligne. Cette option est "
-"facultative, et n'est applicable que lorsque l'option dyndns_update est "
-"configurée à true."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:928 sss_rpcidmapd.5.xml:76
@@ -11210,8 +11206,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr "sssd-sudo"
 
@@ -11624,12 +11620,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr "Tourner en avant-plan et ne pas devenir un démon."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr "<option>-c</option>,<option>--config</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -11836,10 +11832,8 @@ msgstr "Par défaut : <filename>/etc/sssd/sssd.conf</filename>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_override.8.xml:10 sss_override.8.xml:15
-#, fuzzy
-#| msgid "sss_userdel"
 msgid "sss_override"
-msgstr "sss_userdel"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_override.8.xml:16
@@ -11848,19 +11842,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_override.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:32
@@ -11916,10 +11902,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:80
-#, fuzzy
-#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
 msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
-msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:85
@@ -11931,16 +11915,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:94
-#, fuzzy
-#| msgid ""
-#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-#| "replaceable>"
 msgid ""
 "<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
 "optional>"
 msgstr ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAINE</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:99
@@ -11951,10 +11929,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:107
-#, fuzzy
-#| msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
 msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
-msgstr "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:112
@@ -12025,10 +12001,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:177
-#, fuzzy
-#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
 msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
-msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:182
@@ -12040,16 +12014,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:191
-#, fuzzy
-#| msgid ""
-#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-#| "replaceable>"
 msgid ""
 "<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
 "optional>"
 msgstr ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAINE</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:196
@@ -12117,24 +12085,18 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "SUDO OPTIONS"
 msgid "COMMON OPTIONS"
-msgstr "OPTIONS DE SUDO"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:263 sssctl.8.xml:52
-#, fuzzy
-#| msgid "This option is not available in IPA provider."
 msgid "Those options are available with all commands."
-msgstr "Cette option n'est pas disponible dans le fournisseur IPA."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:268 sssctl.8.xml:57
-#, fuzzy
-#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
 msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
-msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_useradd.8.xml:10 sss_useradd.8.xml:15
@@ -13379,20 +13341,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_cache.8.xml:31
-#, fuzzy
-#| msgid ""
-#| "<command>sss_cache</command> invalidates records in SSSD cache.  "
-#| "Invalidated records are forced to be reloaded from server as soon as "
-#| "related SSSD backend is online."
 msgid ""
 "<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
 "records are forced to be reloaded from server as soon as related SSSD "
 "backend is online. Options that invalidate a single object only accept a "
 "single provided argument."
 msgstr ""
-"<command>sss_cache</command> invalide les enregistrements en cache de SSSD. "
-"Les documents invalidés sont obligés d'être rechargés à partir de leur "
-"serveur d'origine dès que le moteur SSSD redevient disponible en ligne."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:43
@@ -13401,10 +13355,8 @@ msgstr "<option>-E</option>,<option>--everything</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:47
-#, fuzzy
-#| msgid "Invalidate all cached entries except for sudo rules."
 msgid "Invalidate all cached entries."
-msgstr "Invalider toutes les entrées en cache hors règles sudo."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:53
@@ -13570,43 +13522,27 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:186
-#, fuzzy
-#| msgid ""
-#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
-#| "replaceable>"
 msgid ""
 "<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
 "replaceable>"
 msgstr ""
-"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:191
-#, fuzzy
-#| msgid "Invalidate all cached entries except for sudo rules."
 msgid "Invalidate particular sudo rule."
-msgstr "Invalider toutes les entrées en cache hors règles sudo."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:197
-#, fuzzy
-#| msgid "<option>-R</option>,<option>--no-remove</option>"
 msgid "<option>-R</option>,<option>--sudo-rules</option>"
-msgstr "<option>-R</option>,<option>--no-remove</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:201
-#, fuzzy
-#| msgid ""
-#| "Invalidate all user records. This option overrides invalidation of "
-#| "specific user if it was also set."
 msgid ""
 "Invalidate all cached sudo rules. This option overrides invalidation of "
 "specific sudo rule if it was also set."
 msgstr ""
-"L'annulation de tous les enregistrements d'utilisateur. Cette option prend "
-"le pas sur l'invalidation d'un utilisateur spécifique, si elle a été "
-"également configuré."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:209
@@ -13629,7 +13565,9 @@ msgstr "sss_debuglevel"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+#, fuzzy
+#| msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr "modifie le niveau de débogage pendant l'exécution de SSSD"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -13646,18 +13584,10 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
-"<command>sss_debuglevel</command> positionne le niveau de débogage du "
-"moniteur et des fournisseurs SSSD à <replaceable>NEW_DEBUG_LEVEL</"
-"replaceable> pendant l'exécution de SSSD."
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
-msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_seed.8.xml:10 sss_seed.8.xml:15
@@ -14101,7 +14031,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr "VOIR AUSSI"
 
@@ -14159,15 +14089,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_ssh_authorizedkeys.1.xml:41
-#, fuzzy
-#| msgid ""
-#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-#| "manvolnum></citerefentry> can be configured to use "
-#| "<command>sss_ssh_authorizedkeys</command> for public key user "
-#| "authentication if it is compiled with support for either "
-#| "<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
-#| "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-#| "manvolnum></citerefentry> options."
 msgid ""
 "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
 "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
@@ -14176,13 +14097,6 @@ msgid ""
 "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
 "manvolnum></citerefentry> man page for more details about this option."
 msgstr ""
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> peut être configuré pour utiliser "
-"<command>sss_ssh_authorizedkeys</command> pour l'authentification "
-"d'utilisateur par clé publique s'il est compilé avec la prise en compte des "
-"options <quote>AuthorizedKeysCommand</quote> ou <quote>PubkeyAgent</quote> "
-"de <citerefentry><refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sss_ssh_authorizedkeys.1.xml:59
@@ -14251,15 +14165,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_ssh_knownhostsproxy.1.xml:33
-#, fuzzy
-#| msgid ""
-#| "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys "
-#| "for host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
-#| "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> "
-#| "section of <citerefentry><refentrytitle>sshd</refentrytitle> "
-#| "<manvolnum>8</manvolnum></citerefentry> for more information)  <filename>/"
-#| "var/lib/sss/pubconf/known_hosts</filename> and estabilishes connection to "
-#| "the host."
 msgid ""
 "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
 "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
@@ -14268,13 +14173,6 @@ msgid ""
 "manvolnum></citerefentry> for more information)  <filename>/var/lib/sss/"
 "pubconf/known_hosts</filename> and establishes the connection to the host."
 msgstr ""
-"<command>sss_ssh_knownhostsproxy</command> récupère les clés publiques pour "
-"le système <replaceable>HOST</replaceable>, les stocke dans un fichier "
-"OpenSSH known_hosts spécifique (cf. la section <quote>FORMAT DU FICHIER "
-"SSH_KNOWN_HOSTS</quote> de <citerefentry><refentrytitle>sshd</refentrytitle> "
-"<manvolnum>8</manvolnum></citerefentry> pour plus d'informations)  "
-"<filename>/var/lib/sss/pubconf/known_hosts</filename> puis établit la "
-"connexion vers le système."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_ssh_knownhostsproxy.1.xml:43
@@ -14338,14 +14236,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: idmap_sss.8.xml:10 idmap_sss.8.xml:15
-#, fuzzy
-#| msgid "pam_sss"
 msgid "idmap_sss"
-msgstr "pam_sss"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -14357,10 +14253,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "SUDO OPTIONS"
 msgid "IDMAP OPTIONS"
-msgstr "OPTIONS DE SUDO"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: idmap_sss.8.xml:33
@@ -14374,13 +14268,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-#, fuzzy
-#| msgid "EXAMPLE"
-msgid "EXAMPLES"
-msgstr "EXEMPLE"
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
@@ -14412,19 +14299,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sssctl.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssctl.8.xml:32
@@ -14446,28 +14325,16 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-files.5.xml:10 sssd-files.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-files"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-files.5.xml:17
-#, fuzzy
-#| msgid "SSSD Kerberos provider"
 msgid "SSSD files provider"
-msgstr "Fournisseur Kerberos SSSD"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the AD provider for "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
 msgid ""
 "This manual page describes the files provider for <citerefentry> "
 "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -14475,24 +14342,9 @@ msgid ""
 "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"Cette page de manuel décrit la configuration du fournisseur AD pour "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>. Pour une référence détaillée sur la syntaxe, cf. la section "
-"<quote>FORMAT DE FICHIER</quote> de la page de manuel <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:36
-#, fuzzy
-#| msgid ""
-#| "These options can be used to configure the sudo service.  The detailed "
-#| "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry> are in the manual page <citerefentry> "
-#| "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry>."
 msgid ""
 "The files provider mirrors the content of the <citerefentry> "
 "<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -14503,21 +14355,9 @@ msgid ""
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>."
 msgstr ""
-"Ces options peuvent être utilisées pour configurer le service sudo.  Les "
-"directives de configuration de <citerefentry> <refentrytitle>sudo</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> dans <citerefentry> "
-"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
-"sont détaillées dans la page de manuel <citerefentry> <refentrytitle>sssd-"
-"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
-#, fuzzy
-#| msgid ""
-#| "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page for details on the configuration of an SSSD "
-#| "domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "The files provider has no specific options of its own, however, generic SSSD "
 "domain options can be set where applicable.  Refer to the section "
@@ -14525,25 +14365,13 @@ msgid ""
 "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
 "for details on the configuration of an SSSD domain."
 msgstr ""
-"Se référer à la section <quote>SECTIONS DE DOMAINE</quote> de la page de "
-"manuel <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> pour les détails sur la configuration d'un "
-"domaine SSSD. <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:73
-#, fuzzy
-#| msgid ""
-#| "The following example assumes that SSSD is correctly configured and LDAP "
-#| "is set to one of the domains in the <replaceable>[domains]</replaceable> "
-#| "section."
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
-"L'exemple suivant suppose que SSSD est correctement configuré et que LDAP "
-"pointe sur un des domaines de la section <replaceable>[domains]</"
-"replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-files.5.xml:79
@@ -14555,28 +14383,16 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-secrets.5.xml:10 sssd-secrets.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-secrets"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-secrets.5.xml:17
-#, fuzzy
-#| msgid "SSSD Kerberos provider"
 msgid "SSSD Secrets responder"
-msgstr "Fournisseur Kerberos SSSD"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the AD provider for "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
 msgid ""
 "This manual page describes the configuration of the Secrets responder for "
 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
@@ -14584,12 +14400,6 @@ msgid ""
 "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"Cette page de manuel décrit la configuration du fournisseur AD pour "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>. Pour une référence détaillée sur la syntaxe, cf. la section "
-"<quote>FORMAT DE FICHIER</quote> de la page de manuel <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:36
@@ -14623,20 +14433,61 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+#, fuzzy
+#| msgid ""
+#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
+#| "permissions on a newly created home directory."
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+"Utilisé par <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> pour spécifier les permissions par "
+"défaut sur un répertoire personnel nouvellement créé."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -14646,7 +14497,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -14661,12 +14512,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
-#, fuzzy
-#| msgid ""
-#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page for more details."
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -14674,24 +14520,28 @@ msgid ""
 "manvolnum> </citerefentry> manual page for a complete list. In addition, "
 "there are some secrets-specific options as well."
 msgstr ""
-"Se reporter au paramètre <quote>dns_discovery_domain</quote> dans la page de "
-"manuel <citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> pour plus de détails."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
-#, fuzzy
-#| msgid "id_provider (string)"
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
-msgstr "id_provider (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -14699,161 +14549,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
-#, fuzzy
-#| msgid "Default: ldap"
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
-msgstr "Par défaut : ldap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
-#, fuzzy
-#| msgid "ldap_group_nesting_level (integer)"
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
-msgstr "ldap_group_nesting_level (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
-msgstr "Par défaut : 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
-#, fuzzy
-#| msgid "timeout (integer)"
+#: sssd-secrets.5.xml:204
 msgid "max_secrets (integer)"
-msgstr "timeout (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-#, fuzzy
-#| msgid "Default: 10"
-msgid "Default: 1024"
-msgstr "Par défaut : 10"
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:216
 #, fuzzy
-#| msgid "ldap_page_size (integer)"
+#| msgid "pam_id_timeout (integer)"
+msgid "max_uid_secrets (integer)"
+msgstr "pam_id_timeout (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
-msgstr "ldap_page_size (entier)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-#, fuzzy
-#| msgid "Default: 1"
-msgid "Default: 16"
-msgstr "Par défaut : 1"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
-#, fuzzy
-#| msgid "proxy_lib_name (string)"
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
-msgstr "proxy_lib_name (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
-#, fuzzy
-#| msgid "ldap[s]://&lt;host&gt;[:port]"
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
-msgstr "ldap[s]://&lt;host&gt;[:port]"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
-#, fuzzy
-#| msgid "auth_provider (string)"
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
-msgstr "auth_provider (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -14861,14 +14742,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
-#, fuzzy
-#| msgid "ldap_user_name (string)"
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
-msgstr "ldap_user_name (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -14876,95 +14755,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
-#, fuzzy
-#| msgid "ldap_autofs_entry_value (string)"
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
-msgstr "ldap_autofs_entry_value (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
-#, fuzzy
-#| msgid "Example:"
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
-msgstr "Exemple :"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
-#, fuzzy
-#| msgid "override_homedir (string)"
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
-msgstr "override_homedir (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
-#, fuzzy
-#| msgid "try_inotify (boolean)"
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
-msgstr "try_inotify (booléen)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
-#, fuzzy
-#| msgid "try_inotify (boolean)"
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
-msgstr "try_inotify (booléen)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
-#, fuzzy
-#| msgid "krb5_confd_path (string)"
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
-msgstr "krb5_confd_path (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
-#, fuzzy
-#| msgid "user (string)"
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
-msgstr "user (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -14972,14 +14837,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
-#, fuzzy
-#| msgid "user (string)"
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
-msgstr "user (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -14987,26 +14850,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
-#, fuzzy
-#| msgid "user (string)"
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
-msgstr "user (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
-#, fuzzy
-#| msgid "Specifies the file that contains the client's key."
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
-msgstr "Définit le fichier qui contient la clef du client."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -15021,19 +14880,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -15043,19 +14902,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -15065,7 +14924,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -15075,21 +14934,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
-#, fuzzy
-#| msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
-msgstr "Exemple : <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -15098,14 +14955,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -15116,7 +14973,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -15127,7 +14984,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -15136,12 +14993,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -15149,7 +15006,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -15159,20 +15016,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"Les expansions suivantes sont prises en charge : <placeholder type="
-"\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -15180,28 +15031,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
-#, fuzzy
-#| msgid "delete a user account"
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
-msgstr "Supprimer un compte utilisateur"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -15211,25 +15060,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 msgstr ""
-"Les expansions suivantes sont prises en charge : <placeholder type="
-"\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -15237,7 +15080,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -15267,7 +15110,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -15277,14 +15120,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -15295,7 +15138,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -15310,18 +15153,99 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+#, fuzzy
+#| msgid "Configuring sudo to cooperate with SSSD"
+msgid "Configuring session recording with SSSD"
+msgstr "Configuration de sudo pour coopérer avec SSSD"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of the simple access-control "
+#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
+#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
+#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> manual page."
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+"Cette page de manuel décrit la configuration du fournisseur de contrôle "
+"d'accès simple de <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>. Pour plus de détails sur la "
+"syntaxe, cf. la section <quote>FORMAT DE FICHIER</quote> de la page de "
+"manuel <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
 #, fuzzy
-#| msgid "sssd-krb5"
+#| msgid "These options can be used to configure the PAC responder."
+msgid "These options can be used to configure the session recording."
+msgstr ""
+"Les options suivantes peuvent être utilisées pour configurer le répondeur "
+"PAC."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
 msgid "sssd-kcm"
-msgstr "sssd-krb5"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-kcm.8.xml:17
-#, fuzzy
-#| msgid "SSSD Kerberos provider"
 msgid "SSSD Kerberos Cache Manager"
-msgstr "Fournisseur Kerberos SSSD"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:23
@@ -15374,20 +15298,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-kcm.8.xml:61
-#, fuzzy
-#| msgid ""
-#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> for more information on configuring Kerberos."
 msgid ""
 "the SSSD implementation stores the ccaches in the SSSD <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </"
 "citerefentry> secrets store, allowing the ccaches to survive KCM server "
 "restarts or machine reboots."
 msgstr ""
-"<quote>krb5</quote> pour une authentification Kerberos. Cf. <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> pour plus d'informations sur la configuration de Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:69
@@ -15413,13 +15329,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:78
-#, fuzzy
-#| msgid ""
-#| "If the auth-module krb5 is used in an SSSD domain, the following options "
-#| "must be used. See the <citerefentry> <refentrytitle>sssd.conf</"
-#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, "
-#| "section <quote>DOMAIN SECTIONS</quote>, for details on the configuration "
-#| "of an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "In order to use KCM credential cache, it must be selected as the default "
 "credential type in <citerefentry> <refentrytitle>krb5.conf</"
@@ -15427,22 +15336,9 @@ msgid ""
 "cache name must be only <quote>KCM:</quote> without any template "
 "expansions.  For example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"Si le module auth krb5 est utilisé dans un domaine SSSD, les options "
-"suivantes doivent être utilisées. Cf. la page de manuel "
-"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>, section <quote>SECTIONS DOMAINE</quote> pour plus "
-"de détails sur la configuration d'un domaine SSSD.  <placeholder type="
-"\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:91
-#, fuzzy
-#| msgid ""
-#| "Specifies if the SSSD should instruct the Kerberos libraries what realm "
-#| "and which KDCs to use. This option is on by default, if you disable it, "
-#| "you need to configure the Kerberos library using the <citerefentry> "
-#| "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> configuration file."
 msgid ""
 "Next, make sure the Kerberos client libraries and the KCM server must agree "
 "on the UNIX socket path. By default, both use the same path <replaceable>/"
@@ -15451,11 +15347,6 @@ msgid ""
 "the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry> manual page."
 msgstr ""
-"Indique si SSSD doit préciser aux bibliothèques Kerberos quels domaine et "
-"KDC utiliser. Cette option est activée par défaut, si elle est désactivée, "
-"la bibliothèque Kerberos doit être configurée à l'aide du fichier de "
-"configuration <citerefentry> <refentrytitle>krb5.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-kcm.8.xml:113
@@ -15463,7 +15354,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -15480,12 +15370,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -15496,15 +15395,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the simple access-control "
-#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
-#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page."
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -15515,20 +15406,9 @@ msgid ""
 "<quote>FILE FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd."
 "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"Cette page de manuel décrit la configuration du fournisseur de contrôle "
-"d'accès simple de <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>. Pour plus de détails sur la "
-"syntaxe, cf. la section <quote>FORMAT DE FICHIER</quote> de la page de "
-"manuel <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
-#, fuzzy
-#| msgid ""
-#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page for more details."
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -15536,42 +15416,428 @@ msgid ""
 "manvolnum> </citerefentry> manual page for a complete list. In addition, "
 "there are some KCM-specific options as well."
 msgstr ""
-"Se reporter au paramètre <quote>dns_discovery_domain</quote> dans la page de "
-"manuel <citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> pour plus de détails."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
-msgstr "skel_dir (chaîne)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
-#, fuzzy
-#| msgid ""
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</"
-#| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</"
-#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>"
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry>"
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+#, fuzzy
+#| msgid "sssd-simple"
+msgid "sssd-systemtap"
+msgstr "sssd-simple"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+#, fuzzy
+#| msgid ""
+#| "This manual page only describes attribute name mapping.  For detailed "
+#| "explanation of sudo related attribute semantics, see <citerefentry> "
+#| "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
+#| "citerefentry>"
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+"Cette page de manuel décrit uniquement le mappage de noms d'attribut.  Pour "
+"une explication détaillée des sémantiques d'attributs relatives à sudo, cf. "
+"<citerefentry><refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+#, fuzzy
+#| msgid "realm name"
+msgid "probe $name"
+msgstr "nom de domaine"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, fuzzy, no-wrap
+#| msgid ""
+#| "fallback_homedir = /home/%u\n"
+#| "                            "
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+"fallback_homedir = /home/%u\n"
+"                            "
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
 
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
@@ -15660,16 +15926,10 @@ msgstr ""
 
 #. type: Content of: <refentryinfo>
 #: include/upstream.xml:2
-#, fuzzy
-#| msgid ""
-#| "<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-#| "fedorahosted.org/sssd</orgname>"
 msgid ""
 "<productname>SSSD</productname> <orgname>The SSSD upstream - https://pagure."
 "io/SSSD/sssd/</orgname>"
 msgstr ""
-"<productname>SSSD</productname> <orgname>Le projet SSSD - http://"
-"fedorahosted.org/sssd</orgname>"
 
 #. type: Content of: outside any tag (error?)
 #: include/upstream.xml:1
@@ -15778,6 +16038,83 @@ msgstr ""
 "bascule dans le mode hors connexion et tente ensuite de se reconnecter "
 "toutes les 30 secondes."
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_op_timeout"
+msgstr "dns_resolver_timeout (entier)"
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_timeout"
+msgstr "dns_resolver_timeout (entier)"
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+#, fuzzy
+#| msgid ""
+#| "All of the common configuration options that apply to SSSD domains also "
+#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
+#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
+#| "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+"Toutes les options de configuration communes appliquées aux domaines SSSD "
+"s'appliquent aussi aux domaines LDAP. Voir la section des <quote>SECTIONS DE "
+"DOMAINE</quote> dans la page de manuel <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> pour plus de "
+"détails. <placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -15949,19 +16286,11 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/ldap_id_mapping.xml:111
-#, fuzzy
-#| msgid ""
-#| "The default configuration results in configuring 10,000 slices, each "
-#| "capable of holding up to 200,000 IDs, starting from 10,001 and going up "
-#| "to 2,000,100,000. This should be sufficient for most deployments."
 msgid ""
 "The default configuration results in configuring 10,000 slices, each capable "
 "of holding up to 200,000 IDs, starting from 200,000 and going up to "
 "2,000,200,000. This should be sufficient for most deployments."
 msgstr ""
-"La configuration par défaut active 10 000 tranches, chacune pouvant contenir "
-"jusqu'à 200 000 identifiants, démarrant à 10 001 et allant jusqu'à "
-"2 000 100 000. Cela devrait être suffisant pour la plupart des déploiements."
 
 #. type: Content of: <refsect1><refsect2><refsect3><title>
 #: include/ldap_id_mapping.xml:117
@@ -16148,10 +16477,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
 #: include/ldap_id_mapping.xml:249
-#, fuzzy
-#| msgid "ldap_idmap_range_size (integer)"
 msgid "ldap_idmap_helper_table_size (integer)"
-msgstr "ldap_idmap_range_size (integer)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
 #: include/ldap_id_mapping.xml:252
@@ -16302,19 +16629,11 @@ msgstr ""
 
 #. type: Content of: <listitem><para>
 #: include/debug_levels.xml:38 include/debug_levels_tools.xml:19
-#, fuzzy
-#| msgid ""
-#| "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. "
-#| "An error that doesn't kill the SSSD, but one that indicates that at least "
-#| "one major feature is not going to work properly."
 msgid ""
 "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
 "error that doesn't kill SSSD, but one that indicates that at least one major "
 "feature is not going to work properly."
 msgstr ""
-"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis> : échecs critiques. Une "
-"erreur qui ne tue pas SSSD, mais qui indique qu'au moins une caractéristique "
-"majeure ne pourra pas fonctionner correctement."
 
 #. type: Content of: <listitem><para>
 #: include/debug_levels.xml:45 include/debug_levels_tools.xml:26
@@ -16428,16 +16747,10 @@ msgstr "<emphasis>Par défaut</emphasis> : 0"
 
 #. type: Content of: outside any tag (error?)
 #: include/experimental.xml:1
-#, fuzzy
-#| msgid ""
-#| "<emphasis> This is an experimental feature, please use http://"
-#| "fedorahosted.org/sssd to report any issues.  </emphasis>"
 msgid ""
 "<emphasis> This is an experimental feature, please use https://pagure.io/"
 "SSSD/sssd/ to report any issues.  </emphasis>"
 msgstr ""
-"<emphasis>Il s'agit d'une fonctionnalité expérimentale, utiliser http://"
-"fedorahosted.org/sssd pour signaler les problèmes.</emphasis>"
 
 #. type: Content of: <refsect1><title>
 #: include/local.xml:2
@@ -16475,48 +16788,6 @@ msgstr ""
 
 #. type: Content of: <refsect1><para>
 #: include/seealso.xml:4
-#, fuzzy
-#| msgid ""
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</"
-#| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
-#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
-#| "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
-#| "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-#| "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> "
-#| "<citerefentry> <refentrytitle>sss_ssh_authorizedkeys</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
-#| "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry>, </phrase> <citerefentry> "
-#| "<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>.  <citerefentry> <refentrytitle>sss_rpcidmapd</"
-#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>"
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
@@ -16532,75 +16803,38 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
-"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
-"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
-"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
 
 #. type: Content of: <listitem><para>
 #: include/ldap_search_bases.xml:3
@@ -16780,10 +17014,8 @@ msgstr "Par défaut : /home"
 
 #. type: Content of: <refsect1><title>
 #: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2
-#, fuzzy
-#| msgid "GENERAL OPTIONS"
 msgid "MODIFIED DEFAULT OPTIONS"
-msgstr "OPTIONS GÉNÉRALES"
+msgstr ""
 
 #. type: Content of: <refsect1><para>
 #: include/ad_modified_defaults.xml:4
@@ -16795,80 +17027,58 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9
-#, fuzzy
-#| msgid "SSSD IPA provider"
 msgid "KRB5 Provider"
-msgstr "Fournisseur IPA SSSD"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13
-#, fuzzy
-#| msgid "krb5_validate (boolean)"
 msgid "krb5_validate = true"
-msgstr "krb5_validate (booléen)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:18
-#, fuzzy
-#| msgid "krb5_use_enterprise_principal (boolean)"
 msgid "krb5_use_enterprise_principal = true"
-msgstr "krb5_use_enterprise_principal (booléen)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ad_modified_defaults.xml:24
-#, fuzzy
-#| msgid "SSSD LDAP provider"
 msgid "LDAP Provider"
-msgstr "Fournisseur LDAP SSSD"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:28
-#, fuzzy
-#| msgid "ldap_schema (string)"
 msgid "ldap_schema = ad"
-msgstr "ldap_schema (chaîne)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38
-#, fuzzy
-#| msgid "ldap_force_upper_case_realm (boolean)"
 msgid "ldap_force_upper_case_realm = true"
-msgstr "ldap_force_upper_case_realm (booléen)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:38
-#, fuzzy
-#| msgid "ldap_id_mapping (boolean)"
 msgid "ldap_id_mapping = true"
-msgstr "ldap_id_mapping (boolean)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:43
-#, fuzzy
-#| msgid "ldap_sasl_mech (string)"
 msgid "ldap_sasl_mech = gssapi"
-msgstr "ldap_sasl_mech (chaîne)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:48
-#, fuzzy
-#| msgid "ldap_referrals (boolean)"
 msgid "ldap_referrals = false"
-msgstr "ldap_referrals (booléen)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:53
-#, fuzzy
-#| msgid "ldap_account_expire_policy (string)"
 msgid "ldap_account_expire_policy = ad"
-msgstr "ldap_account_expire_policy (chaîne)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58
-#, fuzzy
-#| msgid "ldap_use_tokengroups"
 msgid "ldap_use_tokengroups = true"
-msgstr "ldap_use_tokengroups"
+msgstr ""
 
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
@@ -16880,17 +17090,13 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:18
-#, fuzzy
-#| msgid "krb5_use_fast (string)"
 msgid "krb5_use_fast = try"
-msgstr "krb5_use_fast (chaîne)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:23
-#, fuzzy
-#| msgid "krb5_canonicalize (boolean)"
 msgid "krb5_canonicalize = true"
-msgstr "krb5_canonicalize (booléen)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ipa_modified_defaults.xml:29
@@ -16899,31 +17105,23 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:33
-#, fuzzy
-#| msgid "ldap_schema (string)"
 msgid "ldap_schema = ipa_v1"
-msgstr "ldap_schema (chaîne)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:43
-#, fuzzy
-#| msgid "ldap_sasl_mech (string)"
 msgid "ldap_sasl_mech = GSSAPI"
-msgstr "ldap_sasl_mech (chaîne)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:48
-#, fuzzy
-#| msgid "ldap_sasl_minssf (integer)"
 msgid "ldap_sasl_minssf = 56"
-msgstr "ldap_sasl_minssf (integer)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:53
-#, fuzzy
-#| msgid "ldap_account_expire_policy (string)"
 msgid "ldap_account_expire_policy = ipa"
-msgstr "ldap_account_expire_policy (chaîne)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ipa_modified_defaults.xml:64
@@ -16932,191 +17130,67 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:68
-#, fuzzy
-#| msgid "ldap_user_member_of (string)"
 msgid "ldap_user_member_of = memberOf"
-msgstr "ldap_user_member_of (chaîne)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:73
-#, fuzzy
-#| msgid "ldap_user_uuid (string)"
 msgid "ldap_user_uuid = ipaUniqueID"
-msgstr "ldap_user_uuid (chaîne)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:78
-#, fuzzy
-#| msgid "ldap_user_ssh_public_key (string)"
 msgid "ldap_user_ssh_public_key = ipaSshPubKey"
-msgstr "ldap_user_ssh_public_key (chaîne)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:83
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-#, fuzzy
-#| msgid "ldap_user_certificate (string)"
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr "ldap_user_certificate (chaîne)"
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
-#, fuzzy
-#| msgid "ldap_group_object_class (string)"
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
-msgstr "ldap_group_object_class (chaîne)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
-#, fuzzy
-#| msgid "ldap_group_object_class (string)"
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
-msgstr "ldap_group_object_class (chaîne)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
-#, fuzzy
-#| msgid "ldap_group_member (string)"
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
-msgstr "ldap_group_member (chaîne)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
-#, fuzzy
-#| msgid "ldap_group_uuid (string)"
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
-msgstr "ldap_group_uuid (chaîne)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
-#, fuzzy
-#| msgid "ldap_group_objectsid (string)"
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
-msgstr "ldap_group_objectsid (string)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
 
 #~ msgid ""
-#~ "Comma separated list of services that are started when sssd itself starts."
-#~ msgstr ""
-#~ "Liste des services séparés par des virgules qui sont démarrés quand sssd "
-#~ "se lance."
-
-#~ msgid ""
-#~ "The user to drop the privileges to where appropriate to avoid running as "
-#~ "the root user."
+#~ "<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+#~ "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+#~ "running."
 #~ msgstr ""
-#~ "L'utilisation vers lequel abandonner les privilèges pour éviter de "
-#~ "fonctionner en tant que l'utilisateur root."
+#~ "<command>sss_debuglevel</command> positionne le niveau de débogage du "
+#~ "moniteur et des fournisseurs SSSD à <replaceable>NEW_DEBUG_LEVEL</"
+#~ "replaceable> pendant l'exécution de SSSD."
 
-#~ msgid "force_timeout (integer)"
-#~ msgstr "force_timeout (integer)"
-
-#~ msgid ""
-#~ "If a service is not responding to ping checks (see the <quote>timeout</"
-#~ "quote> option), it is first sent the SIGTERM signal that instructs it to "
-#~ "quit gracefully.  If the service does not terminate after "
-#~ "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it "
-#~ "down by sending a SIGKILL signal."
-#~ msgstr ""
-#~ "Si un service ne répond pas aux vérifications par ping (Cf. l'option "
-#~ "<quote>timeout</quote>), le signal SIGTERM est d'abord envoyé de façon à "
-#~ "l'arrêter proprement.  Si le service ne se termine pas après "
-#~ "<quote>force_timeout</quote> secondes, le moniteur sera arrêté violemment "
-#~ "à l'aide d'un signal SIGKILL."
-
-#~ msgid "Default: uid"
-#~ msgstr "Par défaut : uid"
-
-#~ msgid ""
-#~ "Please note that the default values correspond to the default schema "
-#~ "which is RFC2307."
-#~ msgstr ""
-#~ "Veuillez noter que les valeurs par défaut correspondent au schéma par "
-#~ "défaut qui est RFC2307."
-
-#~ msgid "Default: automountMap"
-#~ msgstr "Par défaut : automountMap"
-
-#~ msgid "Default: ou"
-#~ msgstr "Par défaut : ou"
-
-#~ msgid "Default: automountInformation"
-#~ msgstr "Par défaut : automountInformation"
-
-#~ msgid ""
-#~ "Verify with the help of krb5_keytab that the TGT obtained has not been "
-#~ "spoofed."
-#~ msgstr ""
-#~ "Vérifie avec l'aide de krb5_keytab que le TGT obtenu n'est pas usurpé."
-
-#~ msgid ""
-#~ "Note that this default differs from the traditional Kerberos provider "
-#~ "back end."
-#~ msgstr ""
-#~ "Noter que cette valeur par défaut diffère du moteur de traitement "
-#~ "Kerberos original."
-
-#~ msgid ""
-#~ "Specifies if the host and user principal should be canonicalized when "
-#~ "connecting to IPA LDAP and also for AS requests. This feature is "
-#~ "available with MIT Kerberos >= 1.7"
-#~ msgstr ""
-#~ "Spécifie si l'hôte et l'utilisateur principal doivent être rendus "
-#~ "canoniques lors des connexions au serveur LDAP de IPA, mais aussi pour "
-#~ "les requêtes AS. Cette fonctionnalité est disponible avec MIT Kerberos > "
-#~ "= 1.7"
-
-#~ msgid "<emphasis>never</emphasis> use FAST."
-#~ msgstr "<emphasis>never</emphasis> : ne jamais utiliser FAST."
-
-#~ msgid ""
-#~ "<emphasis>try</emphasis> to use FAST. If the server does not support "
-#~ "FAST, continue the authentication without it. This is equivalent to not "
-#~ "setting this option at all."
-#~ msgstr ""
-#~ "<emphasis>try</emphasis> : eassyer d'utiliser FAST. Si le serveur ne "
-#~ "prend pas en charge FAST, continuer l'authentification sans. Ceci "
-#~ "équivaut à ne pas définir cette option."
-
-#~ msgid "Default: try"
-#~ msgstr "Par défaut : try"
-
-#~ msgid ""
-#~ "The option denotes that the SSSD is running on IPA server and should "
-#~ "perform lookups of users and groups from trusted domains differently."
-#~ msgstr ""
-#~ "Cette option indique que SSSD fonctionne sur un serveur IPA et doit "
-#~ "effectuer différemment ses recherches d'utilisateurs et groupes depuis "
-#~ "les domaines approuvés."
-
-#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-
-#~ msgid ""
-#~ "If <quote>PubkeyAgent</quote> is supported, "
-#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-#~ "manvolnum></citerefentry> can be configured to use it by using the "
-#~ "following directive for <citerefentry> <refentrytitle>sshd</"
-#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
-#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
-#~ msgstr ""
-#~ "Si <quote>PubkeyAgent</quote> est pris en charge, "
-#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-#~ "manvolnum></citerefentry> peut être configuré pour l'utiliser en "
-#~ "utilisant la directive suivante de la configuration de "
-#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-#~ "manvolnum></citerefentry> : <placeholder type=\"programlisting\" id=\"0\"/"
-#~ ">"
+#~ msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+#~ msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
diff --git a/src/man/po/ja.po b/src/man/po/ja.po
index 32ef50af2..6987d7c9e 100644
--- a/src/man/po/ja.po
+++ b/src/man/po/ja.po
@@ -8,9 +8,9 @@
 # carrotsoft <www.carrotsoft@gmail.com>, 2012
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
 "PO-Revision-Date: 2014-12-14 11:59-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
@@ -32,7 +32,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr "SSSD マニュアル ページ"
 
@@ -77,7 +78,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr "概要"
 
@@ -94,8 +96,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "オプション"
 
@@ -146,7 +148,8 @@ msgstr "sssd.conf"
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
 msgstr "5"
 
@@ -154,7 +157,8 @@ msgstr "5"
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr "ファイル形式および変換"
 
@@ -290,10 +294,8 @@ msgstr "debug_level (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:112
-#, fuzzy
-#| msgid "debug_level (integer)"
 msgid "debug (integer)"
-msgstr "debug_level (整数)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:115
@@ -317,11 +319,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "初期値: true"
 
@@ -338,17 +340,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr "初期値: false"
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
 
@@ -371,8 +375,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "初期値: 10"
 
@@ -387,7 +391,7 @@ msgid "The [sssd] section"
 msgstr "[sssd] セクション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr "セクションのパラメーター"
 
@@ -437,12 +441,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr "reconnection_retries (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
@@ -451,7 +455,7 @@ msgstr ""
 "める前に試行する回数です。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr "初期値: 3"
 
@@ -471,7 +475,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr "re_expression (文字列)"
 
@@ -491,12 +495,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr "full_name_format (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -507,39 +511,39 @@ msgstr ""
 "manvolnum> </citerefentry> 互換形式。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr "ユーザー名"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr "SSSD 設定ファイルにおいて指定されるドメイン名。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -682,11 +686,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr "初期値: 設定されません"
@@ -722,10 +726,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:448
-#, fuzzy
-#| msgid "re_expression (string)"
 msgid "certificate_verification (string)"
-msgstr "re_expression (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:456
@@ -804,17 +806,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:507
-#, fuzzy
-#| msgid "Default: not set, i.e. service discovery is disabled"
 msgid "Default: not set, i.e. do not restrict certificate verification"
-msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:513
-#, fuzzy
-#| msgid "ldap_disable_paging (boolean)"
 msgid "disable_netlink (boolean)"
-msgstr "ldap_disable_paging (論理値)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:516
@@ -832,17 +830,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:526
-#, fuzzy
-#| msgid "Default: False (disabled)"
 msgid "Default: false (netlink changes are detected)"
-msgstr "初期値: False (無効)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:531
-#, fuzzy
-#| msgid "ad_enable_dns_sites (boolean)"
 msgid "enable_files_domain (boolean)"
-msgstr "ad_enable_dns_sites (論理値)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:534
@@ -867,8 +861,24 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr ""
@@ -890,12 +900,12 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr "サービスセクション"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -907,22 +917,22 @@ msgstr ""
 "ば、NSS サービスは <quote>[nss]</quote> セクションです"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr "サービス設定の全体オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr "これらのオプションはすべてのサービスを設定するために使用できます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -932,22 +942,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
-#, fuzzy
-#| msgid ""
-#| "This option specifies the number of seconds that a client of an SSSD "
-#| "process can hold onto a file descriptor without communicating on it. This "
-#| "value is limited in order to avoid resource exhaustion on the system."
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -955,23 +960,20 @@ msgid ""
 "can't be shorter than 10 seconds. If a lower value is configured, it will be "
 "adjusted to 10 seconds."
 msgstr ""
-"このオプションは、SSSD プロセスのクライアントがそれとコミュニケーションなしで"
-"ファイル記述子に保持できる秒数を指定します。この値はシステムのリソース枯渇を"
-"避けるために制限されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr "初期値: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -979,24 +981,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -1004,14 +1006,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
-#, fuzzy
-#| msgid "client_idle_timeout"
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
-msgstr "client_idle_timeout"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1023,30 +1023,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr "初期値: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr "NSS 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1054,12 +1054,12 @@ msgstr ""
 "きます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1068,17 +1068,17 @@ msgstr ""
 "要求）。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr "初期値: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1089,7 +1089,7 @@ msgstr ""
 "す。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1104,7 +1104,7 @@ msgstr ""
 "とをブロックする必要がありません。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1117,17 +1117,17 @@ msgstr ""
 "（0 はこの機能を無効にします）"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr "初期値: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1138,63 +1138,43 @@ msgstr ""
 "せ）をキャッシュする秒数を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr "初期値: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
-#, fuzzy
-#| msgid "autofs_negative_timeout (integer)"
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
-msgstr "autofs_negative_timeout (整数)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
-#, fuzzy
-#| msgid ""
-#| "Specifies for how many seconds nss_sss should cache negative cache hits "
-#| "(that is, queries for invalid database entries, like nonexistent ones)  "
-#| "before asking the back end again."
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
-"nss_sss が再びバックエンドに問い合わせる前にネガティブキャッシュヒット（つま"
-"り、存在しないドメインのように、無効なデータベースエントリーに対する問い合わ"
-"せ）をキャッシュする秒数を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "初期値: 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
-#, fuzzy
-#| msgid ""
-#| "Exclude certain users from being fetched from the sss NSS database. This "
-#| "is particularly useful for system accounts. This option can also be set "
-#| "per-domain or include fully-qualified names to filter only users from the "
-#| "particular domain."
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
 "also be set per-domain or include fully-qualified names to filter only users "
 "from the particular domain."
 msgstr ""
-"sss NSS データベースから取り出されたものから特定のユーザーを除外します。これ"
-"はとくにシステムアカウントに対して有効です。このオプションはドメインごとに設"
-"定できます。または特定のドメインからユーザーのみをフィルターするために完全修"
-"飾名を含めることができます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1203,17 +1183,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr "初期値: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1221,12 +1201,12 @@ msgstr ""
 "ションを偽に設定します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1235,7 +1215,7 @@ msgstr ""
 "ホームディレクトリーの標準テンプレートを設定します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1243,7 +1223,7 @@ msgstr ""
 "同じです。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1253,23 +1233,23 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "例: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr "override_shell (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1277,17 +1257,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1295,13 +1275,13 @@ msgstr ""
 "す:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 "1. シェルが <quote>/etc/shells</quote> に存在すると、それが使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1310,7 +1290,7 @@ msgstr ""
 "ば、shell_fallback パラメーターの値を使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1319,12 +1299,12 @@ msgstr ""
 "ば、nologin シェルが使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1332,12 +1312,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr "シェルの空文字列は libc にそのまま渡されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1347,27 +1327,27 @@ msgstr ""
 "ます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr "初期値: 設定されません。ユーザーシェルが自動的に使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr "これらのシェルのインスタンスをすべて shell_fallback に置き換えます"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1375,67 +1355,67 @@ msgstr ""
 "す。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr "初期値: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr "memcache_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1446,50 +1426,48 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
-msgstr "skel_dir (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr "このオプションはドメインごとに設定できます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr "PAM 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -1498,12 +1476,12 @@ msgstr ""
 "ために使用できます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -1512,17 +1490,17 @@ msgstr ""
 "ラインログインの最終成功からの日数）です。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr "初期値: 0 (無制限)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -1530,12 +1508,12 @@ msgstr ""
 "認証プロバイダーがオフラインの場合、ログイン試行の失敗が許容される回数です。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -1544,7 +1522,7 @@ msgstr ""
 "渡される分単位の時間です。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1555,17 +1533,17 @@ msgstr ""
 "効にできます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr "初期値: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -1574,113 +1552,105 @@ msgstr ""
 "きいほどメッセージが表示されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr "現在 sssd は以下の値をサポートします:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: 何もメッセージを表示しない"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: 重要なメッセージのみを表示する"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: 情報レベルのメッセージを表示する"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr "<emphasis>3</emphasis>: すべてのメッセージとデバッグ情報を表示する"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "初期値: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
-#, fuzzy
-#| msgid "pam_verbosity (integer)"
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
-msgstr "pam_verbosity (整数)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
-"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1690,7 +1660,7 @@ msgstr ""
 "されるよう、SSSD は直ちにキャッシュされた識別情報を更新しようとします。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1703,17 +1673,17 @@ msgstr ""
 "アプリケーションごとに）制御します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr "パスワードの期限が切れる前に N 日間警告を表示します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1723,26 +1693,26 @@ msgstr ""
 "ことに注意してください。この情報がなければ、sssd は警告を表示します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1752,74 +1722,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr "初期値: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1827,21 +1797,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
-#, fuzzy
-#| msgid "ldap_ns_account_lock (string)"
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
-msgstr "ldap_ns_account_lock (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1849,14 +1817,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
-#, fuzzy
-#| msgid "enumerate (bool)"
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
-msgstr "enumerate (論理値)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1864,64 +1830,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr "初期値: 偽"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
-#, fuzzy
-#| msgid "ipa_hbac_search_base (string)"
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
-msgstr "ipa_hbac_search_base (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
-msgstr "pam_id_timeout (整数)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
-#, fuzzy
-#| msgid "ldap_service_name (string)"
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
-msgstr "ldap_service_name (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr "SUDO 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1932,12 +1892,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -1945,23 +1905,40 @@ msgstr ""
 "時間依存の sudoers エントリーを実装する sudoNotBefore と sudoNotAfter の属性"
 "を評価するかしないかです。"
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+#, fuzzy
+#| msgid "ldap_deref_threshold (integer)"
+msgid "sudo_threshold (integer)"
+msgstr "ldap_deref_threshold (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr "Autofs 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr "これらのオプションが autofs サービスを設定するために使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1972,72 +1949,68 @@ msgstr ""
 "ヒットする秒数を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr "SSH 設定オプション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr "これらのオプションは SSH サービスを設定するために使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr "初期値: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
-#, fuzzy
-#| msgid "mail_dir (string)"
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
-msgstr "mail_dir (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
-#, fuzzy
-#| msgid "Default: /etc/krb5.keytab"
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
-msgstr "初期値: /etc/krb5.keytab"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2048,7 +2021,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2059,24 +2032,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2084,12 +2057,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2098,33 +2071,183 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
-msgstr "pam_id_timeout (整数)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+#, fuzzy
+#| msgid "General service configuration options"
+msgid "Session recording configuration options"
+msgstr "サービス設定の全体オプション"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of the IPA provider for "
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
+#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page."
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> に対する IPA プロバイダーの設定を説"
+"明しています。詳細な構文の参考資料は <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルペー"
+"ジの <quote>ファイル形式</quote> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure session recording."
+msgstr "これらのオプションはすべてのサービスを設定するために使用できます。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+#, fuzzy
+#| msgid "sudo_provider (string)"
+msgid "scope (string)"
+msgstr "sudo_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+#, fuzzy
+#| msgid ""
+#| "Append this user to groups specified by the <replaceable>GROUPS</"
+#| "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter "
+#| "is a comma separated list of group names."
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+"このユーザーを <replaceable>GROUPS</replaceable> パラメーターにより指定された"
+"グループに追加します。 <replaceable>GROUPS</replaceable> パラメーターはグルー"
+"プ名のカンマ区切り一覧です。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+#, fuzzy
+#| msgid ""
+#| "The following expansions are supported: <placeholder type=\"variablelist"
+#| "\" id=\"0\"/>"
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+#, fuzzy
+#| msgid "Default: none"
+msgid "Default: \"none\""
+msgstr "初期値: none"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+#, fuzzy
+#| msgid "skel_dir (string)"
+msgid "users (string)"
+msgstr "skel_dir (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+#, fuzzy
+#| msgid "Default: empty, i.e. ldap_uri is used."
+msgid "Default: Empty. Matches no users."
+msgstr "初期値: 空、つまり ldap_uri が使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+#, fuzzy
+#| msgid "ldap_group_name (string)"
+msgid "groups (string)"
+msgstr "ldap_group_name (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr "ドメインセクション"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
-#, fuzzy
-#| msgid "ad_domain (string)"
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
-msgstr "ad_domain (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2133,57 +2256,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
-#, fuzzy
-#| msgid ""
-#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page for more details."
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
 "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>) and the PAM responder."
 msgstr ""
-"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> マニュアルページにある "
-"<quote>dns_discovery_domain</quote> パラメーターを参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
-#, fuzzy
-#| msgid "Default: posixGroup"
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
-msgstr "初期値: posixGroup"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -2192,7 +2305,7 @@ msgstr ""
 "トリーを含む場合、それは無視されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2204,24 +2317,24 @@ msgstr ""
 "バーに対して、範囲内にあるものは予期されたものとして報告されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "初期値: min_id は 1, max_id は 0 (無制限)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr "enumerate (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
@@ -2230,22 +2343,22 @@ msgstr ""
 "必要があります:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = ユーザーとグループが列挙されます"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = このドメインに対して列挙しません"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr "初期値: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2257,7 +2370,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -2266,7 +2379,7 @@ msgstr ""
 "れが完了するまで結果を返しません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2279,39 +2392,39 @@ msgstr ""
 "てください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2320,12 +2433,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -2334,7 +2447,7 @@ msgstr ""
 "数です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2345,17 +2458,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr "初期値: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -2364,19 +2477,19 @@ msgstr ""
 "考える秒数です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr "初期値: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -2385,12 +2498,12 @@ msgstr ""
 "考える秒数です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -2399,12 +2512,12 @@ msgstr ""
 "有効であると考える秒数です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -2413,94 +2526,94 @@ msgstr ""
 "考える秒数です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr "初期値: 0 (無効)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 "ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかどうか"
 "を決めます"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 "ユーザーのクレディンシャルが、平文ではなく SHA512 ハッシュで保存されます"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2508,24 +2621,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2537,17 +2650,17 @@ msgstr ""
 "offline_credentials_expiration と同等以上でなければいけません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr "初期値: 0 (無制限)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2556,17 +2669,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "初期値: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr "id_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -2574,17 +2687,17 @@ msgstr ""
 "ダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr "<quote>proxy</quote>: レガシーな NSS プロバイダーのサポート"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr "<quote>local</quote>: ローカルユーザー向け SSSD 内部プロバイダー"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2595,8 +2708,8 @@ msgstr ""
 "manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2609,8 +2722,8 @@ msgstr ""
 "い。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2621,12 +2734,12 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -2635,7 +2748,7 @@ msgstr ""
 "名形式により整形されたように) を使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2648,7 +2761,7 @@ msgstr ""
 "んが、<command>getent passwd test@LOCAL</command> は見つけられます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2656,22 +2769,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2683,7 +2796,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2691,12 +2804,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr "auth_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -2705,7 +2818,7 @@ msgstr ""
 "ダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2716,7 +2829,7 @@ msgstr ""
 "manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2727,19 +2840,19 @@ msgstr ""
 "manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 "<quote>proxy</quote> はいくつかの他の PAM ターゲットに認証を中継します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> は明示的に認証を無効化します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -2748,12 +2861,12 @@ msgstr ""
 "ならば、それが使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr "access_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2764,7 +2877,7 @@ msgstr ""
 "えます）。内部の特別プロバイダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -2773,12 +2886,12 @@ msgstr ""
 "ロバイダーのみアクセスが許可されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> は常にアクセスを拒否します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2791,44 +2904,30 @@ msgstr ""
 "citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
-#, fuzzy
-#| msgid ""
-#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> for more information on configuring Kerberos."
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
 "citerefentry> for more information on configuring Kerberos."
 msgstr ""
-"<quote>krb5</quote> は Kerberos 認証向けです。Kerberos の設定に関する詳細は "
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
-#, fuzzy
-#| msgid ""
-#| "<quote>proxy</quote> for relaying password changes to some other PAM "
-#| "target."
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
-"<quote>proxy</quote> はいくつかの他の PAM ターゲットにパスワードの変更を中継"
-"します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr "初期値: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -2837,23 +2936,15 @@ msgstr ""
 "パスワード変更プロバイダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
-#, fuzzy
-#| msgid ""
-#| "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring LDAP."
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry> for more information on configuring LDAP."
 msgstr ""
-"<quote>ldap</quote> は LDAP サーバーに保存されているパスワードを変更します。 "
-"LDAP の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2864,7 +2955,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
@@ -2872,12 +2963,12 @@ msgstr ""
 "します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr "<quote>none</quote> は明示的にパスワードの変更を無効化します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -2886,19 +2977,19 @@ msgstr ""
 "うことができるならば、それが使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダー"
 "は次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2909,33 +3000,33 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry> を参照します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "<quote>none</quote> は SUDO を明示的に無効化します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 "初期値: <quote>id_provider</quote> の値が設定されていると使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2946,12 +3037,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2959,7 +3050,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2967,31 +3058,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2999,7 +3090,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3008,17 +3099,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr "<quote>none</quote> はサブドメインの取り出しを明示的に無効化します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+#, fuzzy
+#| msgid "selinux_provider (string)"
+msgid "session_provider (string)"
+msgstr "selinux_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+#, fuzzy
+#| msgid ""
+#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
+#| "authentication requests."
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+"初期値: <quote>id_provider</quote> が設定され、認証要求を取り扱うことができる"
+"ならば、それが使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -3026,7 +3156,7 @@ msgstr ""
 "プロバイダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3037,7 +3167,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3048,33 +3178,25 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
-#, fuzzy
-#| msgid ""
-#| "<quote>ipa</quote> to load maps stored in an IPA server. See "
-#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring IPA."
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> for more information on configuring the AD provider."
 msgstr ""
-"<quote>ipa</quote> は IPA サーバーに保存されているマップを読み込みます。IPA "
-"の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "<quote>none</quote> は明示的に autofs を無効にします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -3083,7 +3205,7 @@ msgstr ""
 "hostid プロバイダーは次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3094,12 +3216,12 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "<quote>none</quote> は明示的に hostid を無効にします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3109,7 +3231,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3118,29 +3240,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr "username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr "username@domain.name"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr "domain\\username"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3151,7 +3273,7 @@ msgstr ""
 "everything after that\" に解釈されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3159,7 +3281,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
@@ -3168,17 +3290,17 @@ msgstr ""
 "Python 構文 (?P&lt;name&gt;) のみをサポートします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "初期値: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -3187,68 +3309,81 @@ msgstr ""
 "します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr "サポートする値:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 "ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 "ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 "ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 "ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr "初期値: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
+#, fuzzy
+#| msgid ""
+#| "Defines the amount of time (in seconds) to wait for a reply from the DNS "
+#| "resolver before assuming that it is unreachable. If this timeout is "
+#| "reached, the domain will continue to operate in offline mode."
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
 msgstr ""
 "DNS リゾルバーが到達不可能であると仮定するまでに、そこからの応答を待つ時間"
 "（秒単位）を定義します。このタイムアウトに達すると、ドメインはオフラインモー"
 "ドにて操作を継続します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2643
+msgid ""
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "初期値: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -3257,52 +3392,52 @@ msgstr ""
 "イン部分を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr "初期値: マシンのホスト名のドメイン部分を使用します"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr "override_gid (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr "プライマリー GID の値を指定されたもので上書きします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3310,7 +3445,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3318,17 +3453,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3336,34 +3471,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3371,34 +3506,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
-#, fuzzy
-#| msgid "This option is not available in IPA provider."
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
-msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr "サブドメインのフラット (NetBIOS) 名。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3408,37 +3541,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 "値は <emphasis>override_homedir</emphasis> オプションにより上書きできます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "初期値: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
-#, fuzzy
-#| msgid "memcache_timeout (int)"
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
-msgstr "memcache_timeout (整数)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3446,12 +3577,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3459,7 +3590,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3470,17 +3601,17 @@ msgstr ""
 "\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr "中継するプロキシターゲット PAM です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
@@ -3489,12 +3620,12 @@ msgstr ""
 "をここに追加する必要があります。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3505,12 +3636,12 @@ msgstr ""
 "_nss_files_getpwent です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3519,14 +3650,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
-#, fuzzy
-#| msgid "min_id,max_id (integer)"
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
-msgstr "min_id,max_id (整数)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3534,7 +3663,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
@@ -3543,12 +3672,12 @@ msgstr ""
 "\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3565,7 +3694,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3573,21 +3702,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
-#, fuzzy
-#| msgid "Section parameters"
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
-msgstr "セクションのパラメーター"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
-msgstr "full_name_format (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3596,18 +3721,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3627,12 +3751,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr "ローカルドメインのセクション"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3643,27 +3767,27 @@ msgstr ""
 "メインに対する設定を含みます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr "default_shell (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr "SSSD ユーザー空間ツールを用いて作成されたユーザーの初期シェルです。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "初期値: <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr "base_directory (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
@@ -3672,17 +3796,17 @@ msgstr ""
 "ホームディレクトリーとして使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr "初期値: <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr "create_homedir (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
@@ -3691,17 +3815,17 @@ msgstr ""
 "す。コマンドラインにおいて上書きできます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr "初期値: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
@@ -3710,12 +3834,12 @@ msgstr ""
 "す。コマンドラインにおいて上書きできます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3726,17 +3850,17 @@ msgstr ""
 "manvolnum> </citerefentry> により使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr "初期値: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr "skel_dir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3749,17 +3873,17 @@ msgstr ""
 "を含む、スケルトンディレクトリーです。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "初期値: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr "mail_dir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3770,17 +3894,17 @@ msgstr ""
 "が使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "初期値: <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3791,102 +3915,85 @@ msgstr ""
 "せん。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr "初期値: なし、コマンドを実行しません"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
-#, fuzzy
-#| msgid "DOMAIN SECTIONS"
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
-msgstr "ドメインセクション"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
-#, fuzzy
-#| msgid "ldap_search_base (string)"
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
-msgstr "ldap_search_base (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
-#, fuzzy
-#| msgid "ldap_user_search_base (string)"
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
-msgstr "ldap_user_search_base (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
-#, fuzzy
-#| msgid "ldap_group_search_base (string)"
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
-msgstr "ldap_group_search_base (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
-#, fuzzy
-#| msgid "ldap_netgroup_search_base (string)"
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
-msgstr "ldap_netgroup_search_base (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
-#, fuzzy
-#| msgid "ldap_service_search_base (string)"
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
-msgstr "ldap_service_search_base (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
-#, fuzzy
-#| msgid "ad_server, ad_backup_server (string)"
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
-msgstr "ad_server, ad_backup_server (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
-#, fuzzy
-#| msgid "use_fully_qualified_names (bool)"
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
-msgstr "use_fully_qualified_names (論理値)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
-msgstr "例"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3940,9 +4047,15 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
+#, fuzzy
+#| msgid ""
+#| "The following example shows a typical SSSD config. It does not describe "
+#| "configuration of the domains themselves - refer to documentation on "
+#| "configuring domains for more details.  <placeholder type=\"programlisting"
+#| "\" id=\"0\"/>"
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
@@ -3951,6 +4064,25 @@ msgstr ""
 "ん - ドメインの設定に関する詳細はドキュメントを参照してください。  "
 "<placeholder type=\"programlisting\" id=\"0\"/>"
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -4003,7 +4135,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr "設定オプション"
 
@@ -4023,7 +4155,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr "URI の形式は RFC 2732 に決められている形式と一致しなければいけません:"
 
@@ -4316,16 +4448,14 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgstr "ユーザーのプライマリーグループ ID に対応する LDAP の属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr "初期値: gidNumber"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:303
-#, fuzzy
-#| msgid "ldap_user_principal (string)"
 msgid "ldap_user_primary_group (string)"
-msgstr "ldap_user_principal (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:306
@@ -4396,7 +4526,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -4417,7 +4547,7 @@ msgstr ""
 "ActiveDirectory サーバーに対してのみ必要です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -4427,14 +4557,14 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr "ldap_user_modify_timestamp (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
 msgstr "親オブジェクトの最終変更のタイムスタンプを含む LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr "初期値: modifyTimestamp"
 
@@ -4876,8 +5006,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr "ユーザーの完全名に対応する LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr "初期値: cn"
 
@@ -4974,112 +5104,159 @@ msgstr "初期値: host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
-msgstr ""
+#, fuzzy
+#| msgid "ldap_user_authorized_host (string)"
+msgid "ldap_user_authorized_rhost (string)"
+msgstr "ldap_user_authorized_host (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
-msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+#, fuzzy
+#| msgid ""
+#| "If access_provider=ldap and ldap_access_order=host, SSSD will use the "
+#| "presence of the host attribute in the user's LDAP entry to determine "
+#| "access privilege."
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
 msgstr ""
+"access_provider=ldap かつ ldap_access_order=host ならば、 SSSD はアクセス権限"
+"を決めるために、ユーザーの LDAP エントリーにあるホスト属性の存在を使用しま"
+"す。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:843
+#, fuzzy
+#| msgid ""
+#| "An explicit deny (!host) is resolved first. Second, SSSD searches for "
+#| "explicit allow (host) and finally for allow_all (*)."
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
 msgstr ""
+"明示的な拒否 (!host) がまず解決されます。次に SSSD が明示的な許可 (host) を検"
+"索します。最後にすべて許可 (*) が検索されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+#, fuzzy
+#| msgid "Default: host"
+msgid "Default: rhost"
+msgstr "初期値: host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:868
 #, fuzzy
-#| msgid "ldap_user_shell (string)"
+#| msgid "Default: filter"
+msgid "Default: userCertificate;binary"
+msgstr "初期値: filter"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
-msgstr "ldap_user_shell (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
-#, fuzzy
-#| msgid "The LDAP attribute that contains the names of the group's members."
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
-msgstr "グループのメンバーの名前を含む LDAP の属性です。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-#, fuzzy
-#| msgid "Default: false"
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
-msgstr "初期値: false"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr "ldap_group_object_class (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr "LDAP にあるグループエントリーのオブジェクトクラスです。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr "初期値: posixGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr "ldap_group_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr "グループ名に対応する LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr "ldap_group_gid_number (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr "グループの ID に対応する LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr "ldap_group_member (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr "グループのメンバーの名前を含む LDAP の属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr "初期値: memberuid (rfc2307) / member (rfc2307bis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr "ldap_group_objectsid (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
@@ -5088,24 +5265,24 @@ msgstr ""
 "ActiveDirectory サーバーに対してのみ必要です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr "ldap_group_modify_timestamp (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -5113,36 +5290,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
-#, fuzzy
-#| msgid "ldap_group_member (string)"
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
-msgstr "ldap_group_member (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr "ldap_group_nesting_level (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -5153,7 +5328,7 @@ msgstr ""
 "のオプションは RFC2307 スキーマにおいて効果がありません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -5163,7 +5338,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -5173,17 +5348,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr "初期値: 2"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr "ldap_groups_use_matching_rule_in_chain"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -5191,14 +5366,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -5206,7 +5381,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -5215,12 +5390,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr "ldap_initgroups_use_matching_rule_in_chain"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -5228,81 +5403,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr "ldap_netgroup_object_class (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr "LDAP にあるネットワークグループエントリーのオブジェクトクラスです。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
 "IPA プロバイダーにおいては ipa_netgroup_object_class が代わりに使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr "初期値: nisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr "ldap_netgroup_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr "ネットワークグループ名に対応する LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr "IPA プロバイダーにおいては ipa_netgroup_name が代わりに使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr "ldap_netgroup_member (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr "ネットワークグループのメンバーの名前を含む LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
 "IPA プロバイダーにおいては ipa_netgroup_member が代わりに使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr "初期値: memberNisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr "ldap_netgroup_triple (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
@@ -5310,90 +5485,90 @@ msgstr ""
 "す。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr "初期値: nisNetgroupTriple"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr "ldap_netgroup_modify_timestamp (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr "ldap_service_object_class (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr "LDAP にあるサービスエントリーのオブジェクトクラスです。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr "初期値: ipService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr "ldap_service_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
 msgstr "サービス属性の名前とそのエイリアスを含む LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr "ldap_service_port (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr "このサービスにより管理されるポートを含む LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr "初期値: ipServicePort"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr "ldap_service_proto (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr "このサービスにより認識されるプロトコルを含む LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr "初期値: ipServiceProtocol"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr "ldap_service_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr "ldap_search_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -5401,7 +5576,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -5412,12 +5587,12 @@ msgstr ""
 "かもしれません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr "ldap_enumeration_search_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -5425,12 +5600,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr "ldap_network_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -5446,12 +5621,12 @@ msgstr ""
 "citerefentry> が未使用を返した後のタイムアウト（秒単位）を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr "ldap_opt_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -5460,12 +5635,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr "ldap_connection_expire_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -5474,17 +5649,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr "初期値: 900 (15 分)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr "ldap_page_size (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
@@ -5493,17 +5668,17 @@ msgstr ""
 "バーは 1 要求あたりの最大数の制限を強制します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr "初期値: 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr "ldap_disable_paging (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -5514,7 +5689,7 @@ msgstr ""
 "ことを報告する場合に、このオプションが使用されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
@@ -5524,7 +5699,7 @@ msgstr ""
 "す。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -5535,17 +5710,17 @@ msgstr ""
 "があります。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr "ldap_disable_range_retrieval (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr "Active Directory の範囲の取得を無効化します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5555,12 +5730,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr "ldap_sasl_minssf (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -5568,17 +5743,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr "ldap_deref_threshold (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5586,13 +5761,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -5601,7 +5776,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -5609,12 +5784,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr "ldap_tls_reqcert (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
@@ -5623,7 +5798,7 @@ msgstr ""
 "クするものを指定します。以下の値のうち 1 つを指定できます:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
@@ -5632,7 +5807,7 @@ msgstr ""
 "確認しません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5643,7 +5818,7 @@ msgstr ""
 "無視され、セッションが通常通り進められます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5654,7 +5829,7 @@ msgstr ""
 "ンが直ちに終了します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -5664,22 +5839,22 @@ msgstr ""
 "なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr "初期値: hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr "ldap_tls_cacert (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
@@ -5689,7 +5864,7 @@ msgstr ""
 "書を含むファイルを指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
@@ -5698,12 +5873,12 @@ msgstr ""
 "filename> にあります"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr "ldap_tls_cacertdir (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -5716,32 +5891,32 @@ msgstr ""
 "ます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr "ldap_tls_cert (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr "クライアントのキーに対する証明書を含むファイルを指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr "ldap_tls_key (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr "クライアントのキーを含むファイルを指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr "ldap_tls_cipher_suite (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5749,12 +5924,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr "ldap_id_use_start_tls (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
@@ -5763,12 +5938,12 @@ msgstr ""
 "用する必要がある id_provider 接続を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr "ldap_id_mapping (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5776,20 +5951,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 "この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
-#, fuzzy
-#| msgid "ldap_min_id, ldap_max_id (interger)"
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
-msgstr "ldap_min_id, ldap_max_id (整数)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -5800,17 +5973,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr "ldap_sasl_mech (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
@@ -5819,12 +5992,12 @@ msgstr ""
 "れます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr "ldap_sasl_authid (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -5833,17 +6006,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr "初期値: host/hostname@REALM"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr "ldap_sasl_realm (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -5851,17 +6024,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr "初期値: krb5_realm の値"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr "ldap_sasl_canonicalize (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
@@ -5870,33 +6043,33 @@ msgstr ""
 "するために逆引きを実行します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr "初期値: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr "ldap_krb5_keytab (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr "SASL/GSSAPI を使用するときに使用するキーテーブルを指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 "初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr "ldap_krb5_init_creds (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -5907,27 +6080,27 @@ msgstr ""
 "ます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr "ldap_krb5_ticket_lifetime (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr "GSSAPI が使用されている場合、TGT の有効期間を秒単位で指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr "初期値: 86400 (24 時間)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr "krb5_server, krb5_backup_server (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5939,7 +6112,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5950,7 +6123,7 @@ msgstr ""
 "ば _tcp にフォールバックします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -5961,27 +6134,27 @@ msgstr ""
 "quote> を使用するよう設定ファイルを移行することが推奨されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr "krb5_realm (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr "(SASL/GSSAPI 認証向け) Kerberos レルムを指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr "krb5_canonicalize (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -5990,12 +6163,12 @@ msgstr ""
 "します。この機能は MIT Kerberos >= 1.7 で利用可能です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr "krb5_use_kdcinfo (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6005,7 +6178,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -6016,12 +6189,12 @@ msgstr ""
 "manvolnum> </citerefentry> マニュアルページを参照ください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr "ldap_pwd_policy (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
@@ -6030,7 +6203,7 @@ msgstr ""
 "す。以下の値が許容されます:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
@@ -6039,7 +6212,7 @@ msgstr ""
 "ンはサーバー側のパスワードポリシーを無効にできません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -6050,7 +6223,7 @@ msgstr ""
 "manvolnum></citerefentry> 形式の属性を使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6061,24 +6234,24 @@ msgstr ""
 "とき、これらの属性を更新するために chpass_provider=krb5 を使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr "ldap_referrals (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr "自動参照追跡が有効化されるかを指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
@@ -6087,7 +6260,7 @@ msgstr ""
 "sssd のみが参照追跡をサポートすることに注意してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6096,28 +6269,28 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr "ldap_dns_service_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 "サービス検索が有効にされているときに使用するサービスの名前を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr "初期値: ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr "ldap_chpass_dns_service_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
@@ -6126,29 +6299,29 @@ msgstr ""
 "を検索するために使用するサービスの名前を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr "ldap_chpass_update_last_change (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr "ldap_access_filter (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6164,12 +6337,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr "例:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6178,43 +6351,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
-#, fuzzy
-#| msgid ""
-#| "Offline caching for this feature is limited to determining whether the "
-#| "user's last online login was granted access permission. If they were "
-#| "granted access during their last login, they will continue to be granted "
-#| "access while offline and vice-versa."
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
 "access during their last login, they will continue to be granted access "
 "while offline and vice versa."
 msgstr ""
-"この機能に対するオフラインキャッシュは、ユーザーの最終オンラインログインがア"
-"クセス権を許可されたかどうかを決めることに制限されます。採集ログインの間にア"
-"クセスが許可されていると、オフラインの間にアクセスが許可され続けます。逆もま"
-"た同様です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr "初期値: 空白"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr "ldap_account_expire_policy (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
@@ -6223,7 +6386,7 @@ msgstr ""
 "ます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6234,12 +6397,12 @@ msgstr ""
 "否します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr "以下の値が許可されます:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
@@ -6248,7 +6411,7 @@ msgstr ""
 "ldap_user_shadow_expire の値を使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6257,7 +6420,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6268,7 +6431,7 @@ msgstr ""
 "ldap_ns_account_lock の値を使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6281,7 +6444,7 @@ msgstr ""
 "クセスが許可されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -6289,23 +6452,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr "ldap_access_order (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 "アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6315,14 +6478,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6335,12 +6498,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6350,7 +6513,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -6360,20 +6523,20 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
@@ -6382,30 +6545,48 @@ msgstr ""
 "authorizedService 属性を使用します"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 "<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+#, fuzzy
+#| msgid ""
+#| "<emphasis>host</emphasis>: use the host attribute to determine access"
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+"<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr "初期値: filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr "値が複数使用されていると設定エラーになることに注意してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -6414,22 +6595,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr "ldap_deref (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
@@ -6438,12 +6619,12 @@ msgstr ""
 "ションが許容されます:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
@@ -6452,7 +6633,7 @@ msgstr ""
 "決されますが、検索のベースオブジェクトの位置を探すときはされません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
@@ -6461,7 +6642,7 @@ msgstr ""
 "すときのみ参照解決されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
@@ -6470,7 +6651,7 @@ msgstr ""
 "きも位置を検索するときも参照解決されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
@@ -6479,19 +6660,19 @@ msgstr ""
 "して取り扱われます）"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr "ldap_rfc2307_fallback_to_local_users (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -6502,7 +6683,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -6510,26 +6691,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
 #, fuzzy
 #| msgid "ldap_opt_timeout (integer)"
-msgid "wildcart_limit (integer)"
+msgid "wildcard_limit (integer)"
 msgstr "ldap_opt_timeout (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -6549,12 +6730,12 @@ msgstr ""
 "\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr "SUDO オプション"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -6562,52 +6743,52 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr "ldap_sudorule_object_class (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr "LDAP にある sudo ルールエントリーのオブジェクトクラスです。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr "初期値: sudoRole"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr "ldap_sudorule_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr "sudo ルール名に対応する LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr "ldap_sudorule_command (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr "コマンド名に対応する LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr "初期値: sudoCommand"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr "ldap_sudorule_host (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
@@ -6616,17 +6797,17 @@ msgstr ""
 "クグループ）に対応する LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr "初期値: sudoHost"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr "ldap_sudorule_user (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
@@ -6635,49 +6816,49 @@ msgstr ""
 "る LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr "初期値: sudoUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr "ldap_sudorule_option (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr "sudo オプションに対応する LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr "初期値: sudoOption"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr "ldap_sudorule_runasuser (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
 msgstr "コマンドを実行するユーザー名に対応する LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr "初期値: sudoRunAsUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr "ldap_sudorule_runasgroup (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
@@ -6685,34 +6866,34 @@ msgstr ""
 "コマンドを実行するグループ名またはグループの GID に対応する LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr "初期値: sudoRunAsGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr "ldap_sudorule_notbefore (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
 msgstr "sudo ルールが有効になる開始日時に対応する LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr "初期値: sudoNotBefore"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr "ldap_sudorule_notafter (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
@@ -6721,39 +6902,39 @@ msgstr ""
 "す。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr "初期値: sudoNotAfter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr "ldap_sudorule_order (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr "ルールの並び替えインデックスに対応する LDAP 属性です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr "初期値: sudoOrder"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr "ldap_sudo_full_refresh_interval (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
@@ -6762,17 +6943,17 @@ msgstr ""
 "ります"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr "初期値: 21600 (6 時間)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr "ldap_sudo_smart_refresh_interval (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -6780,31 +6961,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr "ldap_sudo_use_host_filter (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr "ldap_sudo_hostnames (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
@@ -6813,15 +6994,15 @@ msgstr ""
 "区切り一覧です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
@@ -6830,17 +7011,17 @@ msgstr ""
 "ならば、このオプションは効果を持ちません。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr "初期値: 指定なし"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr "ldap_sudo_ip (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
@@ -6849,7 +7030,7 @@ msgstr ""
 "アドレスの空白区切り一覧です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
@@ -6857,31 +7038,31 @@ msgstr ""
 "このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr "ldap_sudo_include_netgroups (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr "ldap_sudo_include_regexp (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6893,93 +7074,87 @@ msgstr ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr "AUTOFS オプション"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr "ldap_autofs_map_object_class (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr "LDAP にある automount マップエントリーのオブジェクトクラスです。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr "ldap_autofs_map_name (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr "LDAP における automount のマップエントリーの名前です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr "ldap_autofs_entry_object_class (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
-#, fuzzy
-#| msgid ""
-#| "The key of an automount entry in LDAP. The entry usually corresponds to a "
-#| "mount point."
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
-"LDAP にある automount エントリーのキーです。エントリーは一般的にマウントポイ"
-"ントと対応します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr "ldap_autofs_entry_key (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
@@ -6988,24 +7163,24 @@ msgstr ""
 "ントと対応します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr "ldap_autofs_entry_value (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -7014,56 +7189,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr "高度なオプション"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr "ldap_netgroup_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr "ldap_user_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr "ldap_group_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr "ldap_sudo_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr "ldap_autofs_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7071,8 +7246,15 @@ msgid ""
 "\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr "例"
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7083,7 +7265,7 @@ msgstr ""
 "す。"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7096,26 +7278,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7131,13 +7314,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "注記"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7314,10 +7497,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:166
-#, fuzzy
-#| msgid "<option>forward_pass</option>"
 msgid "<option>allow_missing_name</option>"
-msgstr "<option>forward_pass</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:170
@@ -7347,10 +7528,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:190
-#, fuzzy
-#| msgid "<option>retry=N</option>"
 msgid "<option>prompt_always</option>"
-msgstr "<option>retry=N</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:194
@@ -7481,17 +7660,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd_krb5_locator_plugin.8.xml:73
-#, fuzzy
-#| msgid ""
-#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-#| "debug messages will be sent to stderr."
 msgid ""
 "If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value "
 "the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the "
 "caller."
 msgstr ""
-"環境変数 SSSD_KRB5_LOCATOR_DEBUG に何らかの値が設定されていると、デバッグメッ"
-"セージが標準エラーに送られます。"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-simple.5.xml:10 sssd-simple.5.xml:16
@@ -7715,9 +7888,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -7801,7 +7974,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -8154,22 +8327,14 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:66
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
-"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:336
-#, fuzzy
-#| msgid "ID MAPPING"
 msgid "MAPPING RULE"
-msgstr "ID マッピング"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:338
@@ -8186,7 +8351,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -8206,8 +8371,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -8301,7 +8466,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -8319,8 +8484,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -8339,9 +8504,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -8354,7 +8519,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -8374,7 +8539,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -8490,7 +8655,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -8498,10 +8663,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:590
-#, fuzzy
-#| msgid "DOMAIN SECTIONS"
 msgid "DOMAIN LIST"
-msgstr "ドメインセクション"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:592
@@ -8551,14 +8714,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:43
-#, fuzzy
-#| msgid ""
-#| "The IPA provider accepts the same options used by the <citerefentry> "
-#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> identity provider and the <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> authentication provider with some exceptions described "
-#| "below."
 msgid ""
 "The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
@@ -8568,11 +8723,6 @@ msgid ""
 "options used by the sssd-ldap and sssd-krb5 providers with some exceptions. "
 "However, it is neither necessary nor recommended to set these options."
 msgstr ""
-"IPA プロバイダーは <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> 識別プロバイダーおよび "
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> 認証プロバイダーにより使用されるものと同じオプショ"
-"ンを受け付けます。いくつかの例外は以下に説明されています。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:57
@@ -8584,24 +8734,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:62
-#, fuzzy
-#| msgid ""
-#| "However, it is neither necessary nor recommended to set these options.  "
-#| "IPA provider can also be used as an access and chpass provider. As an "
-#| "access provider it uses HBAC (host-based access control) rules. Please "
-#| "refer to freeipa.org for more information about HBAC. No configuration of "
-#| "access provider is required on the client side."
 msgid ""
 "As an access provider, the IPA provider uses HBAC (host-based access "
 "control)  rules. Please refer to freeipa.org for more information about "
 "HBAC. No configuration of access provider is required on the client side."
 msgstr ""
-"しかし、これらのオプションを設定することは必要ありません、また推奨もされませ"
-"ん。IPA プロバイダーはアクセスプロバイダーおよびパスワード変更プロバイダーと"
-"しても使用できます。アクセスプロバイダーとしては、HBAC (ホストベースアクセス"
-"制御) ルールを使用します。HBAC の詳細は freeipa.org を参照してください。アク"
-"セスプロバイダーが設定されていなければ、クライアント側において必要になりま"
-"す。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:67
@@ -8647,20 +8784,25 @@ msgstr "ipa_hostname (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:113
+#, fuzzy
+#| msgid ""
+#| "Optional. May be set on machines where the hostname(5) does not reflect "
+#| "the fully qualified name used in the IPA domain to identify this host."
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 "オプションです。hostname(5) がこのホストを識別するために IPA ドメインにおいて"
 "使用される完全修飾名を反映しないマシンにおいて設定されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr "dyndns_update (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -8670,7 +8812,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -8680,7 +8822,7 @@ msgstr ""
 "要があります"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -8688,12 +8830,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr "dyndns_ttl (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -8701,7 +8843,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -8709,17 +8851,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr "初期値: 1200 (秒)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr "dyndns_iface (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -8728,7 +8870,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -8736,28 +8878,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
-#, fuzzy
-#| msgid "Default: Use the IP address of the IPA LDAP connection"
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
-msgstr "初期値: IPA LDAP 接続の IP アドレスを使用します"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
-#, fuzzy
-#| msgid "dyndns_iface (string)"
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
-msgstr "dyndns_iface (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -8765,24 +8903,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
-msgstr "初期値: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr "ipa_enable_dns_sites (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr "DNS サイトの有効化 - 位置情報に基づいたサービス探索。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -8794,12 +8930,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr "dyndns_refresh_interval (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -8807,36 +8943,36 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr "dyndns_update_ptr (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr "初期値: False (無効)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr "dyndns_force_tcp (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
@@ -8845,75 +8981,92 @@ msgstr ""
 "どうか。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
-#, fuzzy
-#| msgid "dyndns_iface (string)"
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
-msgstr "dyndns_iface (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
-msgstr "ipa_hbac_search_base (文字列)"
+#: sssd-ipa.5.xml:311
+#, fuzzy
+#| msgid "ipa_host_search_base (string)"
+msgid "ipa_deskprofile_search_base (string)"
+msgstr "ipa_host_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+#, fuzzy
+#| msgid ""
+#| "Optional. Use the given string as search base for HBAC related objects."
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 "オプションです。与えられた文字列を HBAC 関連オブジェクトに対する検索ベースと"
 "して使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr "初期値: ベース DN を使用します"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr "ipa_hbac_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+"オプションです。与えられた文字列を HBAC 関連オブジェクトに対する検索ベースと"
+"して使用します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr "ipa_host_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 "オプションです。ホストオブジェクトの検索ベースとして与えられた文字列を使用し"
 "ます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
@@ -8922,71 +9075,71 @@ msgstr ""
 "してください。"
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr "初期値: <emphasis>ldap_search_base</emphasis> の値"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr "ipa_selinux_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 "オプションです。与えられた文字列を SELinux ユーザーマップに対する検索ベースと"
 "して使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr "ipa_subdomains_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 "オプションです。信頼されたドメインに対する検索ベースとして、与えられた文字列"
 "を使用します。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr "初期値: <emphasis>cn=trusts,%basedn</emphasis> の値"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr "ipa_master_domain_search_base (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr "初期値: <emphasis>cn=ad,cn=etc,%basedn</emphasis> の値"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
@@ -8995,7 +9148,7 @@ msgstr ""
 "quote> の値です。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
@@ -9004,55 +9157,91 @@ msgstr ""
 "めに使用するベース DN に変換されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:465
+#, fuzzy
+#| msgid "ipa_hbac_refresh (integer)"
+msgid "ipa_deskprofile_refresh (integer)"
 msgstr "ipa_hbac_refresh (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:468
 msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
 msgid "Default: 5 (seconds)"
 msgstr "初期値: 5 (秒)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:481
+#, fuzzy
+#| msgid "ldap_sudo_full_refresh_interval (integer)"
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr "ldap_sudo_full_refresh_interval (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+#, fuzzy
+#| msgid "Default: 900 (15 minutes)"
+msgid "Default: 60 (minutes)"
+msgstr "初期値: 900 (15 分)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
+msgid "ipa_hbac_refresh (integer)"
+msgstr "ipa_hbac_refresh (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:498
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr "ipa_hbac_selinux (整数)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -9060,194 +9249,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr "ipa_server_mode (論理値)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr "ipa_automount_location (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr "この IPA クライアントが使用する automounter の場所です"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr "初期値: \"default\" という名前の場所"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
-#, fuzzy
-#| msgid "ldap_service_object_class (string)"
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
-msgstr "ldap_service_object_class (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -9257,19 +9444,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -9280,7 +9467,7 @@ msgstr ""
 "メインのリクエストが必要に応じて IPA サーバーに送られます。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -9292,7 +9479,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9303,7 +9490,7 @@ msgstr ""
 "例は IPA プロバイダー固有のオプションのみを示しています。"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -9360,14 +9547,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:54
-#, fuzzy
-#| msgid ""
-#| "The IPA provider accepts the same options used by the <citerefentry> "
-#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> identity provider and the <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> authentication provider with some exceptions described "
-#| "below."
 msgid ""
 "The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
@@ -9378,11 +9557,6 @@ msgid ""
 "exceptions. However, it is neither necessary nor recommended to set these "
 "options."
 msgstr ""
-"IPA プロバイダーは <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> 識別プロバイダーおよび "
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> 認証プロバイダーにより使用されるものと同じオプショ"
-"ンを受け付けます。いくつかの例外は以下に説明されています。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:69
@@ -9463,10 +9637,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:127
-#, fuzzy
-#| msgid "ad_domain (string)"
 msgid "ad_enabled_domains (string)"
-msgstr "ad_domain (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:130
@@ -9486,17 +9658,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:136
-#, fuzzy
-#| msgid ""
-#| "For proper operation, this option should be specified as the lower-case "
-#| "version of the long version of the Active Directory domain."
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
 "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"正しい動作のために、このオプションは Active Directory ドメインの長いバージョ"
-"ンの小文字バージョンとして指定されます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:144
@@ -9512,23 +9678,11 @@ msgstr "ad_server, ad_backup_server (文字列)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:157
-#, fuzzy
-#| msgid ""
-#| "The comma-separated list of hostnames of the AD servers to which SSSD "
-#| "should connect in order of preference. For more information on failover "
-#| "and server redundancy, see the <quote>FAILOVER</quote> section.  This is "
-#| "optional if autodiscovery is enabled.  For more information on service "
-#| "discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
 "redundancy, see the <quote>FAILOVER</quote> section."
 msgstr ""
-"SSSD が接続したい AD サーバー（優先順）のホスト名のカンマ区切り一覧です。"
-"フェールオーバーおよびサーバー冗長化に関する詳細は <quote>FAILOVER</quote> セ"
-"クションを参照してください。自動探索が有効になっていると、これはオプションで"
-"す。サービス探索の詳細は <quote>SERVICE DISCOVERY</quote> セクションを参照し"
-"てください。"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:164
@@ -10222,10 +10376,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:819
-#, fuzzy
-#| msgid "Default: 300"
 msgid "Default: 30 days"
-msgstr "初期値: 300"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:825
@@ -10236,18 +10388,16 @@ msgstr ""
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:837
-#, fuzzy
-#| msgid "Default: 86400 (24 hours)"
 msgid "Default: 86400:750 (24h and 15m)"
-msgstr "初期値: 86400 (24 時間)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:846
@@ -10267,12 +10417,10 @@ msgstr "初期値: 3600 (秒)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:892
-#, fuzzy
-#| msgid "Default: Use the IP address of the AD LDAP connection"
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
-msgstr "初期値: AD の LDAP 接続の IP アドレスを使用します"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:905
@@ -10362,8 +10510,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr "sssd-sudo"
 
@@ -10712,12 +10860,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr "フォアグラウンドで実行して、デーモンになりません。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr "<option>-c</option>,<option>--config</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -10920,10 +11068,8 @@ msgstr "初期値: <filename>/etc/sssd/sssd.conf</filename>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_override.8.xml:10 sss_override.8.xml:15
-#, fuzzy
-#| msgid "sss_userdel"
 msgid "sss_override"
-msgstr "sss_userdel"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_override.8.xml:16
@@ -10932,19 +11078,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_override.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:32
@@ -11013,16 +11151,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:94
-#, fuzzy
-#| msgid ""
-#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-#| "replaceable>"
 msgid ""
 "<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
 "optional>"
 msgstr ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:99
@@ -11118,16 +11250,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:191
-#, fuzzy
-#| msgid ""
-#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-#| "replaceable>"
 msgid ""
 "<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
 "optional>"
 msgstr ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:196
@@ -11195,24 +11321,18 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "SUDO OPTIONS"
 msgid "COMMON OPTIONS"
-msgstr "SUDO オプション"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:263 sssctl.8.xml:52
-#, fuzzy
-#| msgid "This option is not available in IPA provider."
 msgid "Those options are available with all commands."
-msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:268 sssctl.8.xml:57
-#, fuzzy
-#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
 msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
-msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_useradd.8.xml:10 sss_useradd.8.xml:15
@@ -12402,20 +12522,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_cache.8.xml:31
-#, fuzzy
-#| msgid ""
-#| "<command>sss_cache</command> invalidates records in SSSD cache.  "
-#| "Invalidated records are forced to be reloaded from server as soon as "
-#| "related SSSD backend is online."
 msgid ""
 "<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
 "records are forced to be reloaded from server as soon as related SSSD "
 "backend is online. Options that invalidate a single object only accept a "
 "single provided argument."
 msgstr ""
-"<command>sss_cache</command> は SSSD キャッシュにあるレコードを無効にします。"
-"無効化されたレコードは、関連する SSSD バックエンドがオンラインになるとすぐ"
-"に、サーバーから強制的に再読み込みされます。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:43
@@ -12424,10 +12536,8 @@ msgstr "<option>-E</option>,<option>--everything</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:47
-#, fuzzy
-#| msgid "Invalidate all cached entries except for sudo rules."
 msgid "Invalidate all cached entries."
-msgstr "sudo ルール以外のすべてのキャッシュ項目を無効化します。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:53
@@ -12591,42 +12701,27 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:186
-#, fuzzy
-#| msgid ""
-#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
-#| "replaceable>"
 msgid ""
 "<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
 "replaceable>"
 msgstr ""
-"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:191
-#, fuzzy
-#| msgid "Invalidate all cached entries except for sudo rules."
 msgid "Invalidate particular sudo rule."
-msgstr "sudo ルール以外のすべてのキャッシュ項目を無効化します。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:197
-#, fuzzy
-#| msgid "<option>-R</option>,<option>--no-remove</option>"
 msgid "<option>-R</option>,<option>--sudo-rules</option>"
-msgstr "<option>-R</option>,<option>--no-remove</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:201
-#, fuzzy
-#| msgid ""
-#| "Invalidate all user records. This option overrides invalidation of "
-#| "specific user if it was also set."
 msgid ""
 "Invalidate all cached sudo rules. This option overrides invalidation of "
 "specific sudo rule if it was also set."
 msgstr ""
-"すべてのユーザーレコードを無効にします。このオプションも設定されていると、こ"
-"れが特定のユーザーの無効化を上書きします。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:209
@@ -12649,7 +12744,9 @@ msgstr "sss_debuglevel"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+#, fuzzy
+#| msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr "SSSD が実行中にデバッグレベルを変更する"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -12666,18 +12763,10 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
-"<command>sss_debuglevel</command> は SSSD が実行中に SSSD モニターとプロバイ"
-"ダーのデバッグレベルを <replaceable>NEW_DEBUG_LEVEL</replaceable> に変更しま"
-"す。"
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
-msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_seed.8.xml:10 sss_seed.8.xml:15
@@ -13085,7 +13174,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr "関連項目"
 
@@ -13140,15 +13229,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_ssh_authorizedkeys.1.xml:41
-#, fuzzy
-#| msgid ""
-#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-#| "manvolnum></citerefentry> can be configured to use "
-#| "<command>sss_ssh_authorizedkeys</command> for public key user "
-#| "authentication if it is compiled with support for either "
-#| "<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
-#| "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-#| "manvolnum></citerefentry> options."
 msgid ""
 "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
 "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
@@ -13157,12 +13237,6 @@ msgid ""
 "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
 "manvolnum></citerefentry> man page for more details about this option."
 msgstr ""
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> は、 <quote>AuthorizedKeysCommand</quote> または "
-"<quote>PubkeyAgent</quote> <citerefentry> <refentrytitle>sshd_config</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> オプションのサポート付"
-"きでコンパイルされていると、公開鍵ユーザー認証のために "
-"<command>sss_ssh_authorizedkeys</command> を使用するために設定できます。"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sss_ssh_authorizedkeys.1.xml:59
@@ -13227,15 +13301,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_ssh_knownhostsproxy.1.xml:33
-#, fuzzy
-#| msgid ""
-#| "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys "
-#| "for host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
-#| "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> "
-#| "section of <citerefentry><refentrytitle>sshd</refentrytitle> "
-#| "<manvolnum>8</manvolnum></citerefentry> for more information)  <filename>/"
-#| "var/lib/sss/pubconf/known_hosts</filename> and estabilishes connection to "
-#| "the host."
 msgid ""
 "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
 "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
@@ -13244,12 +13309,6 @@ msgid ""
 "manvolnum></citerefentry> for more information)  <filename>/var/lib/sss/"
 "pubconf/known_hosts</filename> and establishes the connection to the host."
 msgstr ""
-"<command>sss_ssh_knownhostsproxy</command> はホスト <replaceable>HOST</"
-"replaceable> の SSH ホスト鍵を取得して、個別の OpenSSH known_hosts ファイル "
-"(詳細は  <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> の <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> セク"
-"ションを参照してください)  <filename>/var/lib/sss/pubconf/known_hosts</"
-"filename> に保存して、ホストへの接続を確立します。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_ssh_knownhostsproxy.1.xml:43
@@ -13312,14 +13371,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: idmap_sss.8.xml:10 idmap_sss.8.xml:15
-#, fuzzy
-#| msgid "pam_sss"
 msgid "idmap_sss"
-msgstr "pam_sss"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -13331,10 +13388,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "SUDO OPTIONS"
 msgid "IDMAP OPTIONS"
-msgstr "SUDO オプション"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: idmap_sss.8.xml:33
@@ -13348,13 +13403,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-#, fuzzy
-#| msgid "EXAMPLE"
-msgid "EXAMPLES"
-msgstr "例"
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
@@ -13386,19 +13434,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sssctl.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssctl.8.xml:32
@@ -13420,10 +13460,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-files.5.xml:10 sssd-files.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-files"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-files.5.xml:17
@@ -13432,14 +13470,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the IPA provider for "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
 msgid ""
 "This manual page describes the files provider for <citerefentry> "
 "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -13447,22 +13477,9 @@ msgid ""
 "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> に対する IPA プロバイダーの設定を説"
-"明しています。詳細な構文の参考資料は <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルペー"
-"ジの <quote>ファイル形式</quote> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:36
-#, fuzzy
-#| msgid ""
-#| "Specifies the timeout (in seconds) after which the <citerefentry> "
-#| "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </"
-#| "citerefentry>/<citerefentry> <refentrytitle>select</refentrytitle> "
-#| "<manvolnum>2</manvolnum> </citerefentry> following a <citerefentry> "
-#| "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-#| "citerefentry> returns in case of no activity."
 msgid ""
 "The files provider mirrors the content of the <citerefentry> "
 "<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -13473,20 +13490,9 @@ msgid ""
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>."
 msgstr ""
-"<citerefentry> <refentrytitle>connect</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> に続けて <citerefentry> <refentrytitle>poll</"
-"refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/<citerefentry> "
-"<refentrytitle>select</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> が未使用を返した後のタイムアウト（秒単位）を指定します。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
-#, fuzzy
-#| msgid ""
-#| "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page for details on the configuration of an SSSD "
-#| "domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "The files provider has no specific options of its own, however, generic SSSD "
 "domain options can be set where applicable.  Refer to the section "
@@ -13494,25 +13500,13 @@ msgid ""
 "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
 "for details on the configuration of an SSSD domain."
 msgstr ""
-"SSSD ドメインの設定に関する詳細は <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページの "
-"<quote>ドメインセクション</quote> のセクションを参照してください。  "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:73
-#, fuzzy
-#| msgid ""
-#| "The following example assumes that SSSD is correctly configured and LDAP "
-#| "is set to one of the domains in the <replaceable>[domains]</replaceable> "
-#| "section."
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
-"以下の例は、SSSD が正しく設定され、LDAP が <replaceable>[domains]</"
-"replaceable> セクションにあるドメインのどれかに設定されていると仮定していま"
-"す。"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-files.5.xml:79
@@ -13524,10 +13518,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-secrets.5.xml:10 sssd-secrets.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-secrets"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-secrets.5.xml:17
@@ -13536,14 +13528,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the IPA provider for "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
 msgid ""
 "This manual page describes the configuration of the Secrets responder for "
 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
@@ -13551,11 +13535,6 @@ msgid ""
 "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> に対する IPA プロバイダーの設定を説"
-"明しています。詳細な構文の参考資料は <citerefentry> <refentrytitle>sssd."
-"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルペー"
-"ジの <quote>ファイル形式</quote> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:36
@@ -13589,20 +13568,61 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+#, fuzzy
+#| msgid ""
+#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
+#| "permissions on a newly created home directory."
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+"新規に作成されるホームディレクトリーにパーミッションの初期値を指定するために "
+"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry> により使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -13612,7 +13632,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -13627,12 +13647,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
-#, fuzzy
-#| msgid ""
-#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page for more details."
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -13640,24 +13655,28 @@ msgid ""
 "manvolnum> </citerefentry> manual page for a complete list. In addition, "
 "there are some secrets-specific options as well."
 msgstr ""
-"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> マニュアルページにある "
-"<quote>dns_discovery_domain</quote> パラメーターを参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
-#, fuzzy
-#| msgid "id_provider (string)"
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
-msgstr "id_provider (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -13665,161 +13684,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
-#, fuzzy
-#| msgid "Default: ldap"
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
-msgstr "初期値: ldap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
-#, fuzzy
-#| msgid "ldap_group_nesting_level (integer)"
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
-msgstr "ldap_group_nesting_level (整数)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
-msgstr "初期値: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
-#, fuzzy
-#| msgid "timeout (integer)"
+#: sssd-secrets.5.xml:204
 msgid "max_secrets (integer)"
-msgstr "timeout (整数)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-#, fuzzy
-#| msgid "Default: 10"
-msgid "Default: 1024"
-msgstr "初期値: 10"
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:216
 #, fuzzy
-#| msgid "ldap_page_size (integer)"
+#| msgid "pam_id_timeout (integer)"
+msgid "max_uid_secrets (integer)"
+msgstr "pam_id_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
-msgstr "ldap_page_size (整数)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-#, fuzzy
-#| msgid "Default: 1"
-msgid "Default: 16"
-msgstr "初期値: 1"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
-#, fuzzy
-#| msgid "proxy_lib_name (string)"
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
-msgstr "proxy_lib_name (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
-#, fuzzy
-#| msgid "ldap[s]://&lt;host&gt;[:port]"
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
-msgstr "ldap[s]://&lt;host&gt;[:port]"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
-#, fuzzy
-#| msgid "auth_provider (string)"
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
-msgstr "auth_provider (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -13827,14 +13877,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
-#, fuzzy
-#| msgid "ldap_user_name (string)"
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
-msgstr "ldap_user_name (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -13842,95 +13890,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
-#, fuzzy
-#| msgid "ldap_autofs_entry_value (string)"
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
-msgstr "ldap_autofs_entry_value (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
-#, fuzzy
-#| msgid "Example:"
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
-msgstr "例:"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
-#, fuzzy
-#| msgid "override_homedir (string)"
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
-msgstr "override_homedir (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
-#, fuzzy
-#| msgid "try_inotify (boolean)"
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
-msgstr "try_inotify (論理値)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
-#, fuzzy
-#| msgid "try_inotify (boolean)"
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
-msgstr "try_inotify (論理値)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
-#, fuzzy
-#| msgid "ldap_sasl_authid (string)"
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
-msgstr "ldap_sasl_authid (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
-#, fuzzy
-#| msgid "ldap_tls_cacert (string)"
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
-msgstr "ldap_tls_cacert (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -13938,14 +13972,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
-#, fuzzy
-#| msgid "ldap_tls_cert (string)"
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
-msgstr "ldap_tls_cert (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -13953,26 +13985,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
-msgstr "skel_dir (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
-#, fuzzy
-#| msgid "Specifies the file that contains the client's key."
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
-msgstr "クライアントのキーを含むファイルを指定します。"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -13987,19 +14015,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -14009,19 +14037,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -14031,7 +14059,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -14041,21 +14069,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
-#, fuzzy
-#| msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
-msgstr "例: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -14064,14 +14090,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -14082,7 +14108,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -14093,7 +14119,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -14102,12 +14128,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -14115,7 +14141,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -14125,20 +14151,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -14146,28 +14166,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
-#, fuzzy
-#| msgid "delete a user account"
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
-msgstr "ユーザーアカウントを削除する"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -14177,25 +14195,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 msgstr ""
-"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -14203,7 +14215,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -14233,7 +14245,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -14243,14 +14255,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -14261,7 +14273,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -14276,11 +14288,91 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+#, fuzzy
+#| msgid "Configuring sudo with the SSSD back end"
+msgid "Configuring session recording with SSSD"
+msgstr "SSSD バックエンドを用いた sudo の設定法"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
 #, fuzzy
-#| msgid "sssd-krb5"
+#| msgid ""
+#| "This manual page describes the configuration of the simple access-control "
+#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
+#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
+#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> manual page."
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+"このマニュアルは <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> に対して簡単なアクセス制御の設定を説"
+"明しています。詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ファイル形"
+"式</quote> セクションを参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+#, fuzzy
+#| msgid "These options can be used to configure the SSH service."
+msgid "These options can be used to configure the session recording."
+msgstr "これらのオプションは SSH サービスを設定するために使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
 msgid "sssd-kcm"
-msgstr "sssd-krb5"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-kcm.8.xml:17
@@ -14338,20 +14430,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-kcm.8.xml:61
-#, fuzzy
-#| msgid ""
-#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> for more information on configuring Kerberos."
 msgid ""
 "the SSSD implementation stores the ccaches in the SSSD <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </"
 "citerefentry> secrets store, allowing the ccaches to survive KCM server "
 "restarts or machine reboots."
 msgstr ""
-"<quote>krb5</quote> は Kerberos 認証向けです。Kerberos の設定に関する詳細は "
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> を参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:69
@@ -14377,13 +14461,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:78
-#, fuzzy
-#| msgid ""
-#| "If the auth-module krb5 is used in an SSSD domain, the following options "
-#| "must be used. See the <citerefentry> <refentrytitle>sssd.conf</"
-#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, "
-#| "section <quote>DOMAIN SECTIONS</quote>, for details on the configuration "
-#| "of an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "In order to use KCM credential cache, it must be selected as the default "
 "credential type in <citerefentry> <refentrytitle>krb5.conf</"
@@ -14391,11 +14468,6 @@ msgid ""
 "cache name must be only <quote>KCM:</quote> without any template "
 "expansions.  For example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"認証モジュール krb5 が SSSD ドメインにおいて使用されていると、以下のオプショ"
-"ンを使用する必要があります。 SSSD ドメインの設定における詳細は "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> マニュアルページの <quote>ドメインセクション</"
-"quote> を参照してください。  <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:91
@@ -14414,7 +14486,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -14431,12 +14502,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -14447,15 +14527,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the simple access-control "
-#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
-#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page."
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -14466,19 +14538,9 @@ msgid ""
 "<quote>FILE FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd."
 "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"このマニュアルは <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> に対して簡単なアクセス制御の設定を説"
-"明しています。詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ファイル形"
-"式</quote> セクションを参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
-#, fuzzy
-#| msgid ""
-#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page for more details."
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -14486,47 +14548,427 @@ msgid ""
 "manvolnum> </citerefentry> manual page for a complete list. In addition, "
 "there are some KCM-specific options as well."
 msgstr ""
-"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> マニュアルページにある "
-"<quote>dns_discovery_domain</quote> パラメーターを参照してください。"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
-msgstr "skel_dir (文字列)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
-#, fuzzy
-#| msgid ""
-#| "The IPA provider accepts the same options used by the <citerefentry> "
-#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> identity provider and the <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> authentication provider with some exceptions described "
-#| "below."
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
-"IPA プロバイダーは <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> 識別プロバイダーおよび "
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> 認証プロバイダーにより使用されるものと同じオプショ"
-"ンを受け付けます。いくつかの例外は以下に説明されています。"
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+#, fuzzy
+#| msgid "sssd-simple"
+msgid "sssd-systemtap"
+msgstr "sssd-simple"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+#, fuzzy
+#| msgid ""
+#| "This manual page only describes attribute name mapping.  For detailed "
+#| "explanation of sudo related attribute semantics, see <citerefentry> "
+#| "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
+#| "citerefentry>"
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+"このマニュアルページは属性名マッピングのみを説明します。 sudo に関連する属性"
+"セマンティックの詳細な説明は <citerefentry> <refentrytitle>sudoers.ldap</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+#, fuzzy
+#| msgid "realm name"
+msgid "probe $name"
+msgstr "レルム名"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, fuzzy, no-wrap
+#| msgid ""
+#| "fallback_homedir = /home/%u\n"
+#| "                            "
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+"fallback_homedir = /home/%u\n"
+"                            "
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
 
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
@@ -14608,16 +15050,10 @@ msgstr "サービス検索メカニズムに関する詳細は RFC 2782 を参�
 
 #. type: Content of: <refentryinfo>
 #: include/upstream.xml:2
-#, fuzzy
-#| msgid ""
-#| "<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-#| "fedorahosted.org/sssd</orgname>"
 msgid ""
 "<productname>SSSD</productname> <orgname>The SSSD upstream - https://pagure."
 "io/SSSD/sssd/</orgname>"
 msgstr ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
 
 #. type: Content of: outside any tag (error?)
 #: include/upstream.xml:1
@@ -14698,6 +15134,83 @@ msgid ""
 "offline mode, and then attempts to reconnect every 30 seconds."
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_op_timeout"
+msgstr "dns_resolver_timeout (整数)"
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_timeout"
+msgstr "dns_resolver_timeout (整数)"
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+#, fuzzy
+#| msgid ""
+#| "All of the common configuration options that apply to SSSD domains also "
+#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
+#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
+#| "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+"SSSD ドメインに適用するすべての全体設定オプションを LDAP ドメインに適用しま"
+"す。完全な詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ドメインセ"
+"クション</quote> を参照してください。  <placeholder type=\"variablelist\" id="
+"\"0\"/>"
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -15004,10 +15517,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
 #: include/ldap_id_mapping.xml:249
-#, fuzzy
-#| msgid "ldap_idmap_range_size (integer)"
 msgid "ldap_idmap_helper_table_size (integer)"
-msgstr "ldap_idmap_range_size (整数)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
 #: include/ldap_id_mapping.xml:252
@@ -15254,16 +15765,10 @@ msgstr ""
 
 #. type: Content of: outside any tag (error?)
 #: include/experimental.xml:1
-#, fuzzy
-#| msgid ""
-#| "<emphasis> This is an experimental feature, please use http://"
-#| "fedorahosted.org/sssd to report any issues.  </emphasis>"
 msgid ""
 "<emphasis> This is an experimental feature, please use https://pagure.io/"
 "SSSD/sssd/ to report any issues.  </emphasis>"
 msgstr ""
-"<emphasis> これは実験的な機能です、何らかの問題を報告するには http://"
-"fedorahosted.org/sssd を使用してください。 </emphasis>"
 
 #. type: Content of: <refsect1><title>
 #: include/local.xml:2
@@ -15306,34 +15811,37 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
 
 #. type: Content of: <listitem><para>
@@ -15515,17 +16023,13 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13
-#, fuzzy
-#| msgid "krb5_validate (boolean)"
 msgid "krb5_validate = true"
-msgstr "krb5_validate (論理値)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:18
-#, fuzzy
-#| msgid "krb5_use_enterprise_principal (boolean)"
 msgid "krb5_use_enterprise_principal = true"
-msgstr "krb5_use_enterprise_principal (論理値)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ad_modified_defaults.xml:24
@@ -15534,45 +16038,33 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:28
-#, fuzzy
-#| msgid "ldap_schema (string)"
 msgid "ldap_schema = ad"
-msgstr "ldap_schema (文字列)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38
-#, fuzzy
-#| msgid "ldap_force_upper_case_realm (boolean)"
 msgid "ldap_force_upper_case_realm = true"
-msgstr "ldap_force_upper_case_realm (論理値)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:38
-#, fuzzy
-#| msgid "ldap_id_mapping (boolean)"
 msgid "ldap_id_mapping = true"
-msgstr "ldap_id_mapping (論理値)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:43
-#, fuzzy
-#| msgid "ldap_sasl_mech (string)"
 msgid "ldap_sasl_mech = gssapi"
-msgstr "ldap_sasl_mech (文字列)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:48
-#, fuzzy
-#| msgid "ldap_referrals (boolean)"
 msgid "ldap_referrals = false"
-msgstr "ldap_referrals (論理値)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:53
-#, fuzzy
-#| msgid "ldap_account_expire_policy (string)"
 msgid "ldap_account_expire_policy = ad"
-msgstr "ldap_account_expire_policy (文字列)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58
@@ -15589,17 +16081,13 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:18
-#, fuzzy
-#| msgid "krb5_use_fast (string)"
 msgid "krb5_use_fast = try"
-msgstr "krb5_use_fast (文字列)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:23
-#, fuzzy
-#| msgid "krb5_canonicalize (boolean)"
 msgid "krb5_canonicalize = true"
-msgstr "krb5_canonicalize (論理値)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ipa_modified_defaults.xml:29
@@ -15608,31 +16096,23 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:33
-#, fuzzy
-#| msgid "ldap_schema (string)"
 msgid "ldap_schema = ipa_v1"
-msgstr "ldap_schema (文字列)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:43
-#, fuzzy
-#| msgid "ldap_sasl_mech (string)"
 msgid "ldap_sasl_mech = GSSAPI"
-msgstr "ldap_sasl_mech (文字列)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:48
-#, fuzzy
-#| msgid "ldap_sasl_minssf (integer)"
 msgid "ldap_sasl_minssf = 56"
-msgstr "ldap_sasl_minssf (整数)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:53
-#, fuzzy
-#| msgid "ldap_account_expire_policy (string)"
 msgid "ldap_account_expire_policy = ipa"
-msgstr "ldap_account_expire_policy (文字列)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ipa_modified_defaults.xml:64
@@ -15641,10 +16121,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:68
-#, fuzzy
-#| msgid "ldap_user_member_of (string)"
 msgid "ldap_user_member_of = memberOf"
-msgstr "ldap_user_member_of (文字列)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:73
@@ -15653,123 +16131,57 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:78
-#, fuzzy
-#| msgid "ldap_user_ssh_public_key (string)"
 msgid "ldap_user_ssh_public_key = ipaSshPubKey"
-msgstr "ldap_user_ssh_public_key (文字列)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:83
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr ""
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
-#, fuzzy
-#| msgid "ldap_group_object_class (string)"
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
-msgstr "ldap_group_object_class (文字列)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
-#, fuzzy
-#| msgid "ldap_group_object_class (string)"
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
-msgstr "ldap_group_object_class (文字列)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
-#, fuzzy
-#| msgid "ldap_group_member (string)"
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
-msgstr "ldap_group_member (文字列)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
-#, fuzzy
-#| msgid "ldap_group_objectsid (string)"
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
-msgstr "ldap_group_objectsid (文字列)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
 
 #~ msgid ""
-#~ "Comma separated list of services that are started when sssd itself starts."
-#~ msgstr "sssd 自身が開始するときに開始されるサービスのカンマ区切り一覧です。"
-
-#~ msgid "force_timeout (integer)"
-#~ msgstr "force_timeout (整数)"
-
-#~ msgid "Default: uid"
-#~ msgstr "初期値: uid"
-
-#~ msgid ""
-#~ "Please note that the default values correspond to the default schema "
-#~ "which is RFC2307."
-#~ msgstr "初期値は RFC2307 の標準スキーマに対応することに注意してください。"
-
-#~ msgid "Default: automountMap"
-#~ msgstr "初期値: automountMap"
-
-#~ msgid "Default: ou"
-#~ msgstr "初期値: ou"
-
-#~ msgid "Default: automountInformation"
-#~ msgstr "初期値: automountInformation"
-
-#~ msgid ""
-#~ "Verify with the help of krb5_keytab that the TGT obtained has not been "
-#~ "spoofed."
-#~ msgstr ""
-#~ "取得された TGT が改ざんされていないかを krb5_keytab の支援で確認します。"
-
-#~ msgid ""
-#~ "Note that this default differs from the traditional Kerberos provider "
-#~ "back end."
+#~ "<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+#~ "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+#~ "running."
 #~ msgstr ""
-#~ "この初期値は伝統的な Kerberos プロバイダーのバックエンドとは異なることに注"
-#~ "意してください。"
+#~ "<command>sss_debuglevel</command> は SSSD が実行中に SSSD モニターとプロバ"
+#~ "イダーのデバッグレベルを <replaceable>NEW_DEBUG_LEVEL</replaceable> に変更"
+#~ "します。"
 
-#~ msgid ""
-#~ "Specifies if the host and user principal should be canonicalized when "
-#~ "connecting to IPA LDAP and also for AS requests. This feature is "
-#~ "available with MIT Kerberos >= 1.7"
-#~ msgstr ""
-#~ "IPA LDAP と AS 要求に対して接続するとき、ホストとユーザープリンシパルを正"
-#~ "規化するかを指定します。この機能は MIT Kerberos >= 1.7 で利用可能です。"
-
-#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-
-#~ msgid ""
-#~ "If <quote>PubkeyAgent</quote> is supported, "
-#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-#~ "manvolnum></citerefentry> can be configured to use it by using the "
-#~ "following directive for <citerefentry> <refentrytitle>sshd</"
-#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
-#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
-#~ msgstr ""
-#~ "<quote>PubkeyAgent</quote> がサポートされていると、 "
-#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-#~ "manvolnum></citerefentry> は  <citerefentry> <refentrytitle>sshd</"
-#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> 設定に以下のディレ"
-#~ "クティブを置くことにより、これを使用するために設定できます: <placeholder "
-#~ "type=\"programlisting\" id=\"0\"/>"
+#~ msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+#~ msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
diff --git a/src/man/po/lv.po b/src/man/po/lv.po
index dee31197e..a8c07af21 100644
--- a/src/man/po/lv.po
+++ b/src/man/po/lv.po
@@ -7,9 +7,9 @@
 # Kristaps, 2012
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
 "PO-Revision-Date: 2014-12-15 12:00-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Latvian (http://www.transifex.com/projects/p/sssd/language/"
@@ -32,7 +32,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr ""
 
@@ -74,7 +75,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr "APRAKSTS"
 
@@ -89,8 +91,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "IESPĒJAS"
 
@@ -132,7 +134,8 @@ msgstr "sssd.conf"
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
 msgstr "5"
 
@@ -140,7 +143,8 @@ msgstr "5"
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr ""
 
@@ -266,10 +270,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:112
-#, fuzzy
-#| msgid "timeout (integer)"
 msgid "debug (integer)"
-msgstr "noildze (vesels skaitlis)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:115
@@ -293,11 +295,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr ""
 
@@ -314,17 +316,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
@@ -347,8 +351,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "Noklusējuma: 10"
 
@@ -363,7 +367,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr ""
 
@@ -411,19 +415,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr ""
 
@@ -443,7 +447,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr ""
 
@@ -463,12 +467,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -476,39 +480,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -632,11 +636,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr ""
@@ -807,8 +811,24 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr ""
@@ -825,12 +845,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -839,22 +859,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -864,17 +884,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -884,18 +904,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr "Noklusējuma: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -903,24 +923,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -928,12 +948,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -945,58 +965,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr "Noklusējuma: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1004,7 +1024,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1014,7 +1034,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1023,17 +1043,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1041,36 +1061,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr "Noklusējuma: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
-#, fuzzy
-#| msgid "timeout (integer)"
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
-msgstr "noildze (vesels skaitlis)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1079,7 +1097,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1088,41 +1106,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1130,23 +1148,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1154,47 +1172,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1202,105 +1220,105 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1311,96 +1329,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr "Noklusējuma: 0 (bez ierobežojuma)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1408,124 +1426,122 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Noklusējuma: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
-#, fuzzy
-#| msgid "timeout (integer)"
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
-msgstr "noildze (vesels skaitlis)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1533,7 +1549,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1542,17 +1558,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1560,26 +1576,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1589,74 +1605,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1664,19 +1680,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1684,12 +1700,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1697,60 +1713,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
-#, fuzzy
-#| msgid "timeout (integer)"
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
-msgstr "noildze (vesels skaitlis)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1761,34 +1775,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "sudo_threshold (integer)"
+msgstr "noildze (vesels skaitlis)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1796,70 +1827,68 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
-#, fuzzy
-#| msgid "Default: /etc/krb5.keytab"
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
-msgstr "Noklusējuma: /etc/krb5.keytab"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1870,7 +1899,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1881,24 +1910,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1906,12 +1935,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1920,31 +1949,144 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
-#, fuzzy
-#| msgid "timeout (integer)"
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
-msgstr "noildze (vesels skaitlis)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+msgid "Session recording configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+msgid "These options can be used to configure session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+msgid "scope (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+#, fuzzy
+#| msgid "Default: 1"
+msgid "Default: \"none\""
+msgstr "Noklusējuma: 1"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+msgid "users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+msgid "Default: Empty. Matches no users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+msgid "groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -1953,14 +2095,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -1969,40 +2111,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
-#, fuzzy
-#| msgid "Default: posixGroup"
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
-msgstr "Noklusējuma: posixGroup"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2011,46 +2151,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2062,14 +2202,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2078,39 +2218,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2119,19 +2259,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2142,151 +2282,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2294,24 +2434,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2320,17 +2460,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr "Noklusējuma: 0 (neierobežots)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2339,33 +2479,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2373,8 +2513,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2383,8 +2523,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2392,19 +2532,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2413,7 +2553,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2421,22 +2561,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2448,7 +2588,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2456,19 +2596,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2476,7 +2616,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2484,30 +2624,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2515,19 +2655,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2536,7 +2676,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2544,29 +2684,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr "Noklusējuma: <quote>atļaut</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2574,7 +2714,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2582,35 +2722,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2618,32 +2758,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2654,12 +2794,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2667,7 +2807,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2675,31 +2815,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2707,7 +2847,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2716,23 +2856,54 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+msgid "session_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2740,7 +2911,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2748,7 +2919,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2756,24 +2927,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2781,12 +2952,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2796,7 +2967,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2805,29 +2976,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2835,7 +3006,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2843,137 +3014,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Noklusējuma: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr "Atbalstītās vērtības:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
+msgid ""
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2643
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "Noklusējuma: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -2981,7 +3160,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -2989,17 +3168,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3007,34 +3186,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3042,32 +3221,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3077,36 +3256,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
-#, fuzzy
-#| msgid "timeout (integer)"
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
-msgstr "noildze (vesels skaitlis)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3114,12 +3291,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3127,7 +3304,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3135,29 +3312,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3165,12 +3342,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3179,12 +3356,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3192,19 +3369,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3221,7 +3398,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3229,17 +3406,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3248,18 +3425,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3279,12 +3455,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3292,73 +3468,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Noklusējuma: <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3366,17 +3542,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr "Noklusējuma: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3385,17 +3561,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Noklusējuma: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3403,17 +3579,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Noklusējuma: <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3421,86 +3597,85 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
-msgstr "PIEMĒRS"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3530,14 +3705,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -3578,7 +3772,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr "KONFIGURĒŠANAS IESPĒJAS"
 
@@ -3598,7 +3792,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
 
@@ -3878,7 +4072,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr ""
 
@@ -3956,7 +4150,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -3975,7 +4169,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -3985,14 +4179,14 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr ""
 
@@ -4387,8 +4581,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr ""
 
@@ -4475,132 +4669,167 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
+msgid "ldap_user_authorized_rhost (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
-msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:843
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+#, fuzzy
+#| msgid "Default: 1"
+msgid "Default: rhost"
+msgstr "Noklusējuma: 1"
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:868
+#, fuzzy
+#| msgid "Default: filter"
+msgid "Default: userCertificate;binary"
+msgstr "Noklusējuma: filtrēt"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-#, fuzzy
-#| msgid "Default: uid"
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
-msgstr "Noklusējuma: uid"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr "Noklusējuma: posixGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -4608,34 +4837,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4643,7 +4872,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -4653,7 +4882,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -4663,17 +4892,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -4681,14 +4910,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -4696,7 +4925,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4705,12 +4934,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -4718,168 +4947,168 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -4887,7 +5116,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -4895,12 +5124,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -4908,12 +5137,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4924,12 +5153,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -4938,12 +5167,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -4952,34 +5181,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4987,14 +5216,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -5002,17 +5231,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5022,12 +5251,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -5035,17 +5264,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5053,13 +5282,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -5068,7 +5297,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -5076,26 +5305,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5103,7 +5332,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5111,7 +5340,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -5119,41 +5348,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -5162,32 +5391,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5195,24 +5424,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5220,17 +5449,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -5241,29 +5470,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -5272,17 +5501,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -5290,49 +5519,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -5340,27 +5569,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr "Noklusējuma: 86400 (24 stundas)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5372,7 +5601,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5380,7 +5609,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -5388,39 +5617,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5430,7 +5659,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5438,26 +5667,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5465,7 +5694,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5473,31 +5702,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5506,56 +5735,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr "Noklusējuma: ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5571,12 +5800,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr "Piemērs:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -5585,14 +5814,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -5601,24 +5830,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5626,19 +5855,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr "Atļautas šādas vērtības:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5647,7 +5876,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5655,7 +5884,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5664,7 +5893,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -5672,22 +5901,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5697,14 +5926,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5717,12 +5946,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5732,7 +5961,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5742,49 +5971,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr "Noklusējuma: filtrēt"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -5793,74 +6036,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -5871,7 +6114,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -5879,26 +6122,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
 #, fuzzy
 #| msgid "timeout (integer)"
-msgid "wildcart_limit (integer)"
+msgid "wildcard_limit (integer)"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -5913,12 +6156,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5926,208 +6169,208 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -6135,101 +6378,101 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6238,111 +6481,111 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6351,56 +6594,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr "PAPLAŠINĀTĀS IESPĒJAS"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -6408,8 +6651,15 @@ msgid ""
 "\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr "PIEMĒRS"
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6417,7 +6667,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6430,26 +6680,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6465,13 +6716,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "PIEZĪMES"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6628,10 +6879,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:166
-#, fuzzy
-#| msgid "<option>forward_pass</option>"
 msgid "<option>allow_missing_name</option>"
-msgstr "<option>forward_pass</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:170
@@ -6661,10 +6910,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:190
-#, fuzzy
-#| msgid "<option>retry=N</option>"
 msgid "<option>prompt_always</option>"
-msgstr "<option>retry=N</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:194
@@ -6976,9 +7223,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -7062,7 +7309,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -7439,7 +7686,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -7459,8 +7706,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7554,7 +7801,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7572,8 +7819,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -7592,9 +7839,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7607,7 +7854,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7627,7 +7874,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7743,7 +7990,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -7863,16 +8110,17 @@ msgstr ""
 #: sssd-ipa.5.xml:113
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -7882,14 +8130,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -7897,12 +8145,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -7910,7 +8158,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -7918,17 +8166,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -7937,7 +8185,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -7945,24 +8193,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -7970,24 +8218,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
-#, fuzzy
-#| msgid "Default: 1"
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
-msgstr "Noklusējuma: 1"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -7999,12 +8245,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -8012,234 +8258,278 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
+#: sssd-ipa.5.xml:311
+msgid "ipa_deskprofile_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
 msgstr ""
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:465
+msgid "ipa_deskprofile_refresh (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:468
 msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
 msgid "Default: 5 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:481
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+#, fuzzy
+#| msgid "Default: 0 (unlimited)"
+msgid "Default: 60 (minutes)"
+msgstr "Noklusējuma: 0 (neierobežots)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:498
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -8247,192 +8537,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -8442,19 +8732,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -8462,7 +8752,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -8474,7 +8764,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8482,7 +8772,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -9358,10 +9648,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:819
-#, fuzzy
-#| msgid "Default: 300"
 msgid "Default: 30 days"
-msgstr "Noklusējuma: 300"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:825
@@ -9372,18 +9660,16 @@ msgstr ""
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:837
-#, fuzzy
-#| msgid "Default: 86400 (24 hours)"
 msgid "Default: 86400:750 (24h and 15m)"
-msgstr "Noklusējuma: 86400 (24 stundas)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:846
@@ -9481,8 +9767,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr ""
 
@@ -9805,12 +10091,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -9983,10 +10269,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_override.8.xml:10 sss_override.8.xml:15
-#, fuzzy
-#| msgid "sss_userdel"
 msgid "sss_override"
-msgstr "sss_userdel"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_override.8.xml:16
@@ -10238,10 +10522,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "CONFIGURATION OPTIONS"
 msgid "COMMON OPTIONS"
-msgstr "KONFIGURĒŠANAS IESPĒJAS"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:263 sssctl.8.xml:52
@@ -11484,7 +11766,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -11498,14 +11780,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
@@ -11902,7 +12179,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr "SKATĪT ARĪ"
 
@@ -12075,7 +12352,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -12087,10 +12364,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "IDMAP OPTIONS"
-msgstr "IESPĒJAS"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: idmap_sss.8.xml:33
@@ -12104,13 +12379,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-#, fuzzy
-#| msgid "EXAMPLE"
-msgid "EXAMPLES"
-msgstr "PIEMĒRS"
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
@@ -12168,10 +12436,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-files.5.xml:10 sssd-files.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-files"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-files.5.xml:17
@@ -12228,10 +12494,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-secrets.5.xml:10 sssd-secrets.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-secrets"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-secrets.5.xml:17
@@ -12280,20 +12544,53 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -12303,7 +12600,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -12318,7 +12615,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -12327,18 +12624,27 @@ msgid ""
 "there are some secrets-specific options as well."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -12346,151 +12652,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
-#, fuzzy
-#| msgid "Default: ldap"
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
-msgstr "Noklusējuma: ldap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
-#, fuzzy
-#| msgid "Default: 1"
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
-msgstr "Noklusējuma: 1"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
+#: sssd-secrets.5.xml:204
+msgid "max_secrets (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:216
 #, fuzzy
 #| msgid "timeout (integer)"
-msgid "max_secrets (integer)"
+msgid "max_uid_secrets (integer)"
 msgstr "noildze (vesels skaitlis)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-#, fuzzy
-#| msgid "Default: 10"
-msgid "Default: 1024"
-msgstr "Noklusējuma: 10"
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-#, fuzzy
-#| msgid "Default: 1"
-msgid "Default: 16"
-msgstr "Noklusējuma: 1"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -12498,12 +12845,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -12511,83 +12858,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
-#, fuzzy
-#| msgid "Example:"
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
-msgstr "Piemērs:"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -12595,12 +12940,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -12608,22 +12953,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -12638,19 +12983,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12660,19 +13005,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12682,7 +13027,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12692,19 +13037,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -12713,14 +13058,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12731,7 +13076,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12742,7 +13087,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -12751,12 +13096,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -12764,7 +13109,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12774,14 +13119,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -12789,28 +13134,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
-#, fuzzy
-#| msgid "delete a user account"
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
-msgstr "dzēst lietotāja kontu"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12820,19 +13163,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -12840,7 +13183,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -12870,7 +13213,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -12880,14 +13223,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -12898,7 +13241,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -12913,11 +13256,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+msgid "Configuring session recording with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+msgid "These options can be used to configure the session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
-#, fuzzy
-#| msgid "sssd-krb5"
 msgid "sssd-kcm"
-msgstr "sssd-krb5"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-kcm.8.xml:17
@@ -13031,7 +13437,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -13048,12 +13453,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -13064,7 +13478,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -13077,7 +13491,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -13087,28 +13501,410 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+#, fuzzy
+#| msgid "sssd-simple"
+msgid "sssd-systemtap"
+msgstr "sssd-simple"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+msgid "probe $name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, no-wrap
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -13258,6 +14054,67 @@ msgid ""
 "offline mode, and then attempts to reconnect every 30 seconds."
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+msgid "dns_resolver_op_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+msgid "dns_resolver_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -13837,34 +14694,37 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
 
 #. type: Content of: <listitem><para>
@@ -14155,42 +15015,37 @@ msgstr ""
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr ""
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
diff --git a/src/man/po/nl.po b/src/man/po/nl.po
index 3003e3b9e..5dfa4a940 100644
--- a/src/man/po/nl.po
+++ b/src/man/po/nl.po
@@ -6,9 +6,9 @@
 # Wijnand Modderman-Lenstra <accounts-transifex@maze.io>, 2011
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
 "PO-Revision-Date: 2014-12-15 12:02-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/"
@@ -30,7 +30,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr "SSSD handleiding"
 
@@ -75,7 +76,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr "OMSCHRIJVING"
 
@@ -92,8 +94,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "OPTIES"
 
@@ -144,7 +146,8 @@ msgstr "sssd.conf"
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
 msgstr "5"
 
@@ -152,7 +155,8 @@ msgstr "5"
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr "Bestandsformaten en conventies"
 
@@ -289,10 +293,8 @@ msgstr "debug_level (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:112
-#, fuzzy
-#| msgid "debug_level (integer)"
 msgid "debug (integer)"
-msgstr "debug_level (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:115
@@ -316,11 +318,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Standaard: true"
 
@@ -337,17 +339,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
@@ -370,8 +374,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr ""
 
@@ -386,7 +390,7 @@ msgid "The [sssd] section"
 msgstr "De [sssd] sectie"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr "Sectie parameters"
 
@@ -436,12 +440,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr "reconnection_retries (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
@@ -450,7 +454,7 @@ msgstr ""
 "Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr "Standaard: 3"
 
@@ -470,7 +474,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr "re_expression (tekst)"
 
@@ -490,12 +494,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr "full_name_format (tekst)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -503,39 +507,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -673,11 +677,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr ""
@@ -713,10 +717,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:448
-#, fuzzy
-#| msgid "re_expression (string)"
 msgid "certificate_verification (string)"
-msgstr "re_expression (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:456
@@ -800,10 +802,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:513
-#, fuzzy
-#| msgid "try_inotify (boolean)"
 msgid "disable_netlink (boolean)"
-msgstr "try_inotify (bool)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:516
@@ -852,8 +852,24 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr ""
@@ -870,12 +886,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr "SERVICES SECTIE"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -884,22 +900,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr "Algemene service configuratie-opties"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr "Deze opties kunnen gebruikt worden om services te configureren."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -909,17 +925,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -929,18 +945,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -948,24 +964,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -973,12 +989,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -990,30 +1006,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr "NSS configuratie-opties"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1021,12 +1037,12 @@ msgstr ""
 "configurere."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1035,17 +1051,17 @@ msgstr ""
 "over alle gebruikers)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr "Standaard: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1053,7 +1069,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1063,7 +1079,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1072,17 +1088,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1090,36 +1106,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
-#, fuzzy
-#| msgid "entry_negative_timeout (integer)"
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
-msgstr "entry_negative_timeout (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Standaard: 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1128,7 +1142,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1137,41 +1151,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1179,23 +1193,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1203,47 +1217,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1251,105 +1265,105 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1360,96 +1374,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1457,124 +1471,122 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
-#, fuzzy
-#| msgid "config_file_version (integer)"
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
-msgstr "config_file_version (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1582,7 +1594,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1591,17 +1603,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1609,26 +1621,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1638,74 +1650,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1713,19 +1725,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1733,12 +1745,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1746,62 +1758,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
-msgstr "full_name_format (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
-msgstr "enum_cache_timeout (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1812,34 +1820,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "sudo_threshold (integer)"
+msgstr "debug_level (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1847,68 +1872,68 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1919,7 +1944,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1930,24 +1955,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1955,12 +1980,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1969,31 +1994,162 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
-msgstr "enum_cache_timeout (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+#, fuzzy
+#| msgid "General service configuration options"
+msgid "Session recording configuration options"
+msgstr "Algemene service configuratie-opties"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure session recording."
+msgstr "Deze opties kunnen gebruikt worden om services te configureren."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "scope (string)"
+msgstr "re_expression (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+#, fuzzy
+#| msgid ""
+#| "Append this group to groups specified by the <replaceable>GROUPS</"
+#| "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter "
+#| "is a comma separated list of group names."
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+"Voeg deze groep toe aan de groepen opgegeven met de  <replaceable>GROEPEN</"
+"replaceable> parameter.  De <replaceable>GROEPEN</replaceable> parameter is "
+"een kommagescheiden lijst van groepnamen."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: \"none\""
+msgstr "Standaard: 3"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "users (string)"
+msgstr "re_expression (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+msgid "Default: Empty. Matches no users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "groups (string)"
+msgstr "re_expression (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -2002,14 +2158,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2018,40 +2174,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
-msgstr "Standaard: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2060,46 +2214,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2111,14 +2265,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2127,39 +2281,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2168,19 +2322,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2191,151 +2345,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2343,24 +2497,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2369,17 +2523,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2388,33 +2542,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2422,8 +2576,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2432,8 +2586,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2441,19 +2595,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2462,7 +2616,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2470,22 +2624,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2497,7 +2651,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2505,19 +2659,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2525,7 +2679,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2533,30 +2687,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2564,19 +2718,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2585,7 +2739,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2593,29 +2747,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2623,7 +2777,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2631,35 +2785,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2667,32 +2821,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2703,12 +2857,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2716,7 +2870,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2724,31 +2878,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2756,7 +2910,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2765,23 +2919,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "session_provider (string)"
+msgstr "re_expression (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2789,7 +2976,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2797,7 +2984,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2805,24 +2992,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2830,12 +3017,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2845,7 +3032,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2854,29 +3041,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2887,7 +3074,7 @@ msgstr ""
 "het domein alles daarna\""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2895,7 +3082,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
@@ -2904,130 +3091,138 @@ msgstr ""
 "(?P&lt;name&gt;) om subpatronen aan te geven."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Standaard: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2643
+msgid ""
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3035,7 +3230,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3043,17 +3238,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3061,34 +3256,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3096,32 +3291,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3131,36 +3326,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
-#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
-msgstr "enum_cache_timeout (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3168,12 +3361,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3181,7 +3374,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3189,29 +3382,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3219,12 +3412,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3233,12 +3426,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3246,19 +3439,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3275,7 +3468,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3283,21 +3476,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
-#, fuzzy
-#| msgid "Section parameters"
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
-msgstr "Sectie parameters"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
-msgstr "full_name_format (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3306,18 +3495,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3337,12 +3525,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3350,73 +3538,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3424,17 +3612,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3443,17 +3631,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3461,17 +3649,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3479,86 +3667,85 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3588,14 +3775,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -3636,7 +3842,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr ""
 
@@ -3656,7 +3862,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
 
@@ -3936,7 +4142,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr ""
 
@@ -4014,7 +4220,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -4033,7 +4239,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -4043,14 +4249,14 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr ""
 
@@ -4445,8 +4651,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr ""
 
@@ -4533,134 +4739,165 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
+msgid "ldap_user_authorized_rhost (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:843
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: rhost"
+msgstr "Standaard: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
 msgid "Name of the LDAP attribute containing the X509 certificate of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:868
+msgid "Default: userCertificate;binary"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
-msgstr "full_name_format (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
-msgstr "Standaard: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -4668,34 +4905,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4703,7 +4940,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -4713,7 +4950,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -4723,17 +4960,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -4741,14 +4978,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -4756,7 +4993,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4765,12 +5002,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -4778,168 +5015,168 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -4947,7 +5184,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -4955,12 +5192,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -4968,12 +5205,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4984,12 +5221,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -4998,12 +5235,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -5012,34 +5249,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -5047,14 +5284,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -5062,17 +5299,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5082,12 +5319,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -5095,17 +5332,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5113,13 +5350,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -5128,7 +5365,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -5136,26 +5373,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5163,7 +5400,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5171,7 +5408,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -5179,41 +5416,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -5222,32 +5459,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5255,24 +5492,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5280,17 +5517,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -5301,29 +5538,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -5332,17 +5569,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -5350,49 +5587,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -5400,27 +5637,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5432,7 +5669,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5440,7 +5677,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -5448,39 +5685,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5490,7 +5727,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5498,26 +5735,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5525,7 +5762,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5533,31 +5770,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5566,56 +5803,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5631,12 +5868,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -5645,14 +5882,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -5661,24 +5898,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5686,19 +5923,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5707,7 +5944,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5715,7 +5952,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5724,7 +5961,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -5732,22 +5969,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5757,14 +5994,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5777,12 +6014,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5792,7 +6029,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5802,49 +6039,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -5853,74 +6104,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -5931,7 +6182,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -5939,26 +6190,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
 #, fuzzy
 #| msgid "enum_cache_timeout (integer)"
-msgid "wildcart_limit (integer)"
+msgid "wildcard_limit (integer)"
 msgstr "enum_cache_timeout (numeriek)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -5973,12 +6224,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5986,208 +6237,208 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -6195,101 +6446,101 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6298,111 +6549,111 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6411,56 +6662,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -6468,8 +6719,15 @@ msgid ""
 "\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6477,7 +6735,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6490,26 +6748,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6525,13 +6784,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7032,9 +7291,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -7118,7 +7377,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -7495,7 +7754,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -7515,8 +7774,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7610,7 +7869,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7628,8 +7887,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -7648,9 +7907,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7663,7 +7922,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7683,7 +7942,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7799,7 +8058,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -7919,16 +8178,17 @@ msgstr ""
 #: sssd-ipa.5.xml:113
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -7938,14 +8198,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -7953,12 +8213,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -7966,7 +8226,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -7974,17 +8234,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -7993,7 +8253,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -8001,24 +8261,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -8026,24 +8286,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
-msgstr "Standaard: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -8055,12 +8313,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -8068,234 +8326,280 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
+#: sssd-ipa.5.xml:311
+msgid "ipa_deskprofile_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
 msgstr ""
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:465
+#, fuzzy
+#| msgid "config_file_version (integer)"
+msgid "ipa_deskprofile_refresh (integer)"
+msgstr "config_file_version (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:468
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:481
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: 60 (minutes)"
+msgstr "Standaard: true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
 msgid "ipa_hbac_refresh (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:498
 msgid ""
 "The amount of time between lookups of the HBAC rules against the IPA server. "
 "This will reduce the latency and load on the IPA server if there are many "
 "access-control requests made in a short period."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
-msgid "Default: 5 (seconds)"
-msgstr ""
-
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -8303,192 +8607,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -8498,19 +8802,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -8518,7 +8822,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -8530,7 +8834,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8538,7 +8842,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -8679,10 +8983,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:127
-#, fuzzy
-#| msgid "full_name_format (string)"
 msgid "ad_enabled_domains (string)"
-msgstr "full_name_format (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:130
@@ -9416,10 +9718,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:819
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: 30 days"
-msgstr "Standaard: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:825
@@ -9430,10 +9730,10 @@ msgstr ""
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -9537,8 +9837,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr ""
 
@@ -9861,12 +10161,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -10049,19 +10349,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_override.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>opties</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROEP</replaceable></"
-"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:32
@@ -10300,10 +10592,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "COMMON OPTIONS"
-msgstr "OPTIES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:263 sssctl.8.xml:52
@@ -10312,14 +10602,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:268 sssctl.8.xml:57
-#, fuzzy
-#| msgid ""
-#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-#| "replaceable>"
 msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
 msgstr ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_useradd.8.xml:10 sss_useradd.8.xml:15
@@ -11511,16 +11795,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:186
-#, fuzzy
-#| msgid ""
-#| "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-#| "replaceable>"
 msgid ""
 "<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
 "replaceable>"
 msgstr ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:191
@@ -11529,14 +11807,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:197
-#, fuzzy
-#| msgid ""
-#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-#| "replaceable>"
 msgid "<option>-R</option>,<option>--sudo-rules</option>"
 msgstr ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:201
@@ -11564,7 +11836,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -11578,14 +11850,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
@@ -11982,7 +12249,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr "ZIE OOK"
 
@@ -12155,7 +12422,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -12167,10 +12434,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "IDMAP OPTIONS"
-msgstr "OPTIES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: idmap_sss.8.xml:33
@@ -12184,11 +12449,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-msgid "EXAMPLES"
-msgstr ""
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
@@ -12220,19 +12480,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sssctl.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>opties</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROEP</replaceable></"
-"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssctl.8.xml:32
@@ -12362,20 +12614,53 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -12385,7 +12670,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -12400,7 +12685,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -12409,20 +12694,27 @@ msgid ""
 "there are some secrets-specific options as well."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
-#, fuzzy
-#| msgid "re_expression (string)"
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
-msgstr "re_expression (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -12430,157 +12722,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
-msgstr "Standaard: 3"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
-#, fuzzy
-#| msgid "reconnection_retries (integer)"
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
-msgstr "reconnection_retries (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
-msgstr "Standaard: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
-#, fuzzy
-#| msgid "reconnection_retries (integer)"
+#: sssd-secrets.5.xml:204
 msgid "max_secrets (integer)"
-msgstr "reconnection_retries (numeriek)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:216
 #, fuzzy
-#| msgid "Default: 120"
-msgid "Default: 1024"
-msgstr "Standaard: 120"
+#| msgid "debug_level (integer)"
+msgid "max_uid_secrets (integer)"
+msgstr "debug_level (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-#, fuzzy
-#| msgid "Default: 120"
-msgid "Default: 16"
-msgstr "Standaard: 120"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
-#, fuzzy
-#| msgid "re_expression (string)"
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
-msgstr "re_expression (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
-#, fuzzy
-#| msgid "re_expression (string)"
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
-msgstr "re_expression (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -12588,14 +12915,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
-msgstr "full_name_format (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -12603,89 +12928,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
-#, fuzzy
-#| msgid "try_inotify (boolean)"
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
-msgstr "try_inotify (bool)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
-#, fuzzy
-#| msgid "try_inotify (boolean)"
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
-msgstr "try_inotify (bool)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
-msgstr "full_name_format (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
-msgstr "full_name_format (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -12693,14 +13010,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
-msgstr "full_name_format (tekst)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -12708,22 +13023,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -12738,19 +13053,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12760,19 +13075,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12782,7 +13097,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12792,19 +13107,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -12813,14 +13128,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12831,7 +13146,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12842,7 +13157,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -12851,12 +13166,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -12864,7 +13179,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12874,14 +13189,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -12889,26 +13204,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12918,19 +13233,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -12938,7 +13253,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -12968,7 +13283,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -12978,14 +13293,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -12996,7 +13311,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -13011,6 +13326,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+msgid "Configuring session recording with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure the session recording."
+msgstr "Deze opties kunnen gebruikt worden om services te configureren."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
 msgid "sssd-kcm"
 msgstr ""
@@ -13127,7 +13509,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -13144,12 +13525,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -13160,7 +13550,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -13173,7 +13563,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -13183,28 +13573,408 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+msgid "sssd-systemtap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+msgid "probe $name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, no-wrap
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -13354,6 +14124,67 @@ msgid ""
 "offline mode, and then attempts to reconnect every 30 seconds."
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+msgid "dns_resolver_op_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+msgid "dns_resolver_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -13933,34 +14764,37 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
 
 #. type: Content of: <listitem><para>
@@ -14251,47 +15085,37 @@ msgstr ""
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr ""
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
-
-#~ msgid ""
-#~ "Comma separated list of services that are started when sssd itself starts."
-#~ msgstr ""
-#~ "Kommagescheiden lijst van diensten die gestart worden als sssd zelf start."
diff --git a/src/man/po/pt.po b/src/man/po/pt.po
index 3b342d2af..ef9bfdba6 100644
--- a/src/man/po/pt.po
+++ b/src/man/po/pt.po
@@ -6,9 +6,9 @@
 # Miguel Sousa <migueljorgesousa@sapo.pt>, 2011
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
 "PO-Revision-Date: 2014-12-15 12:05-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/"
@@ -30,7 +30,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr "Páginas de Manual de SSSD"
 
@@ -75,7 +76,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr "DESCRIÇÃO"
 
@@ -92,8 +94,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "Opções"
 
@@ -144,7 +146,8 @@ msgstr "sssd.conf"
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
 msgstr "5"
 
@@ -152,7 +155,8 @@ msgstr "5"
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr "Formatos de ficheiros e convenções"
 
@@ -284,10 +288,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:112
-#, fuzzy
-#| msgid "timeout (integer)"
 msgid "debug (integer)"
-msgstr "timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:115
@@ -311,11 +313,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr ""
 
@@ -332,17 +334,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr "Padrão: false"
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
@@ -365,8 +369,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "Padrão: 10"
 
@@ -381,7 +385,7 @@ msgid "The [sssd] section"
 msgstr "A seção [SSSD]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr "Parâmetros de secção"
 
@@ -431,12 +435,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr "reconnection_retries (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
@@ -445,7 +449,7 @@ msgstr ""
 "falha do provedor de dados ou reiniciar antes de eles desistirem"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr "Padrão: 3"
 
@@ -465,7 +469,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr "re_expression (string)"
 
@@ -485,12 +489,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr "full_name_format (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -498,39 +502,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -654,11 +658,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr ""
@@ -694,10 +698,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:448
-#, fuzzy
-#| msgid "re_expression (string)"
 msgid "certificate_verification (string)"
-msgstr "re_expression (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:456
@@ -776,17 +778,13 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:507
-#, fuzzy
-#| msgid "Default: not set, i.e. the TGT is not renewable"
 msgid "Default: not set, i.e. do not restrict certificate verification"
-msgstr "Padrão: não definido, ou seja, o TGT não é renovável"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:513
-#, fuzzy
-#| msgid "ldap_sasl_canonicalize (boolean)"
 msgid "disable_netlink (boolean)"
-msgstr "ldap_sasl_canonicalize (boolean)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:516
@@ -835,8 +833,24 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr ""
@@ -853,12 +867,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -867,22 +881,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -892,17 +906,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -912,18 +926,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr "Padrão: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -931,24 +945,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -956,12 +970,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -973,58 +987,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr "Padrão: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1032,7 +1046,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1042,7 +1056,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1051,17 +1065,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr "Padrão: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1069,36 +1083,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
-#, fuzzy
-#| msgid "ldap_network_timeout (integer)"
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
-msgstr "ldap_network_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1107,7 +1119,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1116,41 +1128,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1158,23 +1170,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1182,47 +1194,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1230,105 +1242,105 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr "Padrão: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1339,98 +1351,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
-msgstr "skel_dir (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1438,124 +1448,122 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Padrão: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
-#, fuzzy
-#| msgid "dns_resolver_timeout (integer)"
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
-msgstr "dns_resolver_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1563,7 +1571,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1572,17 +1580,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1590,26 +1598,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1619,74 +1627,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr "Padrão: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1694,19 +1702,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1714,14 +1722,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
-#, fuzzy
-#| msgid "enumerate (bool)"
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
-msgstr "enumerate (bool)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1729,64 +1735,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
-#, fuzzy
-#| msgid "ipa_hbac_search_base (string)"
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
-msgstr "ipa_hbac_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
-msgstr "pam_id_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
-#, fuzzy
-#| msgid "ipa_hbac_search_base (string)"
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
-msgstr "ipa_hbac_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1797,34 +1797,51 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+#, fuzzy
+#| msgid "ldap_opt_timeout (integer)"
+msgid "sudo_threshold (integer)"
+msgstr "ldap_opt_timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1832,72 +1849,68 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
-#, fuzzy
-#| msgid "mail_dir (string)"
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
-msgstr "mail_dir (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
-#, fuzzy
-#| msgid "Default: /etc/krb5.keytab"
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
-msgstr "Padrão: /etc/krb5.keytab"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1908,7 +1921,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1919,24 +1932,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1944,12 +1957,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1958,33 +1971,160 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
-msgstr "pam_id_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+msgid "Session recording configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+msgid "These options can be used to configure session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+#, fuzzy
+#| msgid "skel_dir (string)"
+msgid "scope (string)"
+msgstr "skel_dir (string)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+#, fuzzy
+#| msgid ""
+#| "Append this group to groups specified by the <replaceable>GROUPS</"
+#| "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter "
+#| "is a comma separated list of group names."
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+"Acrescente este grupo para grupos especificados pelo parâmetro de "
+"<replaceable>GROUPS</replaceable>.  O parâmetro de <replaceable>GROUPS</"
+"replaceable> é uma lista separada por vírgulas de nomes de grupo."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+#, fuzzy
+#| msgid "Default: none"
+msgid "Default: \"none\""
+msgstr "Padrão: none"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+#, fuzzy
+#| msgid "skel_dir (string)"
+msgid "users (string)"
+msgstr "skel_dir (string)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+#, fuzzy
+#| msgid "Default: empty, i.e. ldap_uri is used."
+msgid "Default: Empty. Matches no users."
+msgstr "Padrão: empty, ou seja, ldap_uri é usado."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+#, fuzzy
+#| msgid "ldap_group_search_base (string)"
+msgid "groups (string)"
+msgstr "ldap_group_search_base (string)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr "SECÇÕES DE DOMÍNIO"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
-#, fuzzy
-#| msgid "ipa_domain (string)"
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
-msgstr "ipa_domain (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -1993,14 +2133,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -2009,40 +2149,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
-#, fuzzy
-#| msgid "Default: host"
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
-msgstr "Padrão: host"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2051,46 +2189,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr "enumerate (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr "Padrão: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2102,14 +2240,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2118,39 +2256,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2159,19 +2297,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2182,151 +2320,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr "Padrão: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2334,24 +2472,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2360,17 +2498,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr "Padrão: 0 (ilimitado)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2379,33 +2517,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr "id_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2413,8 +2551,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2423,8 +2561,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2432,19 +2570,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2453,7 +2591,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2461,22 +2599,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2488,7 +2626,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2496,19 +2634,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr "auth_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2516,7 +2654,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2524,30 +2662,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr "access_provider (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2555,19 +2693,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2576,7 +2714,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2584,29 +2722,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2614,7 +2752,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2622,35 +2760,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2658,32 +2796,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2694,12 +2832,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2707,7 +2845,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2715,31 +2853,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2747,7 +2885,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2756,23 +2894,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+#, fuzzy
+#| msgid "access_provider (string)"
+msgid "session_provider (string)"
+msgstr "access_provider (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2780,7 +2951,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2788,7 +2959,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2796,24 +2967,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2821,12 +2992,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2836,7 +3007,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2845,29 +3016,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2875,7 +3046,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2883,137 +3054,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Default: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr "Default: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2643
+msgid ""
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "Padrão: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr "override_gid (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3021,7 +3200,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3029,17 +3208,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3047,34 +3226,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3082,32 +3261,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3117,36 +3296,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
-#, fuzzy
-#| msgid "krb5_auth_timeout (integer)"
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
-msgstr "krb5_auth_timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3154,12 +3331,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3167,7 +3344,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3175,29 +3352,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3205,12 +3382,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3219,14 +3396,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
-#, fuzzy
-#| msgid "min_id,max_id (integer)"
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
-msgstr "min_id,max_id (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3234,19 +3409,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3263,7 +3438,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3271,21 +3446,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
-#, fuzzy
-#| msgid "Section parameters"
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
-msgstr "Parâmetros de secção"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
-#, fuzzy
-#| msgid "full_name_format (string)"
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
-msgstr "full_name_format (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3294,18 +3465,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3325,12 +3495,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr "A secção de domínio local"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3338,73 +3508,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr "default_shell (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Padrão: <filename>bash/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr "base_directory (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr "Padrão: <filename>/ home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr "create_homedir (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr "Padrão: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (bool)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3412,17 +3582,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr "Padrão: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr "skel_dir (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3431,17 +3601,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Padrão: <filename>skel/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr "mail_dir (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3449,17 +3619,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Padrão: <filename>mail/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (string)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3467,100 +3637,85 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr "Padrão: None, nenhum comando é executado"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
-#, fuzzy
-#| msgid "DOMAIN SECTIONS"
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
-msgstr "SECÇÕES DE DOMÍNIO"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
-#, fuzzy
-#| msgid "ldap_search_base (string)"
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
-msgstr "ldap_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
-#, fuzzy
-#| msgid "ldap_user_search_base (string)"
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
-msgstr "ldap_user_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
-#, fuzzy
-#| msgid "ldap_group_search_base (string)"
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
-msgstr "ldap_group_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
-#, fuzzy
-#| msgid "ldap_netgroup_search_base (string)"
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
-msgstr "ldap_netgroup_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
-#, fuzzy
-#| msgid "ldap_user_search_base (string)"
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
-msgstr "ldap_user_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
-#, fuzzy
-#| msgid "use_fully_qualified_names (bool)"
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
-msgstr "use_fully_qualified_names (bool)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
-msgstr "EXEMPLO"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3614,14 +3769,33 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -3662,7 +3836,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr "OPÇÕES DE CONFIGURAÇÃO"
 
@@ -3682,7 +3856,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
 
@@ -3966,16 +4140,14 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:303
-#, fuzzy
-#| msgid "ldap_user_principal (string)"
 msgid "ldap_user_primary_group (string)"
-msgstr "ldap_user_principal (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:306
@@ -4046,7 +4218,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -4065,7 +4237,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -4075,14 +4247,14 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr "ldap_user_modify_timestamp (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr "Padrão: modifyTimestamp"
 
@@ -4477,8 +4649,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr "Padrão: NC"
 
@@ -4565,134 +4737,169 @@ msgstr "Padrão: host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
-msgstr ""
+#, fuzzy
+#| msgid "ldap_user_authorized_host (string)"
+msgid "ldap_user_authorized_rhost (string)"
+msgstr "ldap_user_authorized_host (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
-msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:843
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+#, fuzzy
+#| msgid "Default: host"
+msgid "Default: rhost"
+msgstr "Padrão: host"
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:868
 #, fuzzy
-#| msgid "ldap_user_shell (string)"
+#| msgid "Default: filter"
+msgid "Default: userCertificate;binary"
+msgstr "Padrão: filter"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
-msgstr "ldap_user_shell (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-#, fuzzy
-#| msgid "Default: false"
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
-msgstr "Padrão: false"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -4700,36 +4907,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
-#, fuzzy
-#| msgid "ldap_group_search_base (string)"
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
-msgstr "ldap_group_search_base (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4737,7 +4942,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -4747,7 +4952,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -4757,17 +4962,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -4775,14 +4980,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -4790,7 +4995,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4799,12 +5004,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -4812,168 +5017,168 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr "Padrão: nisNetgroupTriple"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr "ldap_netgroup_modify_timestamp (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr "ldap_search_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -4981,7 +5186,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -4989,12 +5194,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -5002,12 +5207,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr "ldap_network_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -5018,12 +5223,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr "ldap_opt_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -5032,12 +5237,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -5046,34 +5251,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr "ldap_page_size (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr "Padrão: 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -5081,14 +5286,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -5096,17 +5301,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5116,12 +5321,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -5129,17 +5334,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5147,13 +5352,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -5162,7 +5367,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -5170,19 +5375,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr "ldap_tls_reqcert (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
@@ -5191,7 +5396,7 @@ msgstr ""
 "qualquer certificado de servidor."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5199,7 +5404,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5207,7 +5412,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -5215,41 +5420,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr "Padrão: hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr "ldap_tls_cacert (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr "ldap_tls_cacertdir (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -5258,32 +5463,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5291,24 +5496,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr "ldap_id_use_start_tls (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5316,19 +5521,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
-#, fuzzy
-#| msgid "min_id,max_id (integer)"
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
-msgstr "min_id,max_id (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -5339,29 +5542,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr "ldap_sasl_mech (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr "ldap_sasl_authid (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -5370,17 +5573,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -5388,50 +5591,50 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr "ldap_sasl_canonicalize (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr "Padrão: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr "ldap_krb5_keytab (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 "Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr "ldap_krb5_init_creds (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -5439,27 +5642,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr "ldap_krb5_ticket_lifetime (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr "Padrão: 86400 (24 horas)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5471,7 +5674,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5479,7 +5682,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -5487,39 +5690,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr "krb5_realm (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr "krb5_canonicalize (boolean)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5529,7 +5732,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5537,26 +5740,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr "ldap_pwd_policy (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5564,7 +5767,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5572,31 +5775,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5605,56 +5808,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5670,12 +5873,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -5684,14 +5887,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -5700,24 +5903,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5725,19 +5928,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5746,7 +5949,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5754,7 +5957,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5763,7 +5966,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -5771,22 +5974,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5796,14 +5999,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5816,12 +6019,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5831,7 +6034,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5841,49 +6044,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr "Padrão: filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -5892,74 +6109,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr "ldap_deref (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -5970,7 +6187,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -5978,26 +6195,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
 #, fuzzy
 #| msgid "ldap_opt_timeout (integer)"
-msgid "wildcart_limit (integer)"
+msgid "wildcard_limit (integer)"
 msgstr "ldap_opt_timeout (integer)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -6012,12 +6229,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -6025,208 +6242,208 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -6234,101 +6451,101 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6337,111 +6554,111 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6450,56 +6667,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr "OPÇÕES AVANÇADAS"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr "ldap_netgroup_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr "ldap_user_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr "ldap_group_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -6507,8 +6724,15 @@ msgid ""
 "\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr "EXEMPLO"
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6516,7 +6740,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6529,26 +6753,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6564,13 +6789,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "NOTAS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6727,10 +6952,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:166
-#, fuzzy
-#| msgid "<option>forward_pass</option>"
 msgid "<option>allow_missing_name</option>"
-msgstr "<option>forward_pass</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:170
@@ -6760,10 +6983,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:190
-#, fuzzy
-#| msgid "<option>retry=N</option>"
 msgid "<option>prompt_always</option>"
-msgstr "<option>retry=N</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:194
@@ -7075,9 +7296,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -7161,7 +7382,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -7514,11 +7735,9 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:66
-#, fuzzy
-#| msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:336
@@ -7540,7 +7759,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -7560,8 +7779,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7655,7 +7874,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7673,8 +7892,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -7693,9 +7912,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7708,7 +7927,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7728,7 +7947,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7844,7 +8063,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -7852,10 +8071,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:590
-#, fuzzy
-#| msgid "DOMAIN SECTIONS"
 msgid "DOMAIN LIST"
-msgstr "SECÇÕES DE DOMÍNIO"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:592
@@ -7966,16 +8183,17 @@ msgstr "ipa_hostname (string)"
 #: sssd-ipa.5.xml:113
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -7985,14 +8203,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -8000,12 +8218,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -8013,7 +8231,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -8021,17 +8239,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -8040,7 +8258,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -8048,26 +8266,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
-#, fuzzy
-#| msgid "ldap_sasl_authid (string)"
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
-msgstr "ldap_sasl_authid (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -8075,24 +8291,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
-msgstr "Padrão: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -8104,12 +8318,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -8117,236 +8331,282 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
-#, fuzzy
-#| msgid "id_provider (string)"
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
-msgstr "id_provider (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
+#: sssd-ipa.5.xml:311
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "ipa_deskprofile_search_base (string)"
 msgstr "ipa_hbac_search_base (string)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr "Default: Use base DN"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr "ipa_hbac_search_base (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
 msgstr ""
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:465
+#, fuzzy
+#| msgid "config_file_version (integer)"
+msgid "ipa_deskprofile_refresh (integer)"
+msgstr "config_file_version (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:468
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:481
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+#, fuzzy
+#| msgid "Default: 0 (unlimited)"
+msgid "Default: 60 (minutes)"
+msgstr "Padrão: 0 (ilimitado)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
 msgid "ipa_hbac_refresh (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:498
 msgid ""
 "The amount of time between lookups of the HBAC rules against the IPA server. "
 "This will reduce the latency and load on the IPA server if there are many "
 "access-control requests made in a short period."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
-msgid "Default: 5 (seconds)"
-msgstr ""
-
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -8354,194 +8614,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
-#, fuzzy
-#| msgid "override_homedir (string)"
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
-msgstr "override_homedir (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -8551,19 +8809,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -8571,7 +8829,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -8583,7 +8841,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8591,7 +8849,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -8732,10 +8990,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:127
-#, fuzzy
-#| msgid "ipa_domain (string)"
 msgid "ad_enabled_domains (string)"
-msgstr "ipa_domain (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:130
@@ -9469,10 +9725,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:819
-#, fuzzy
-#| msgid "Default: 300"
 msgid "Default: 30 days"
-msgstr "Padrão: 300"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:825
@@ -9483,18 +9737,16 @@ msgstr ""
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:837
-#, fuzzy
-#| msgid "Default: 86400 (24 hours)"
 msgid "Default: 86400:750 (24h and 15m)"
-msgstr "Padrão: 86400 (24 horas)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:846
@@ -9592,8 +9844,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr ""
 
@@ -9920,12 +10172,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr "Executar em primeiro plano, não se torne um daemon."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr "<option>-c</option>,<option>--config</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -10104,10 +10356,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_override.8.xml:10 sss_override.8.xml:15
-#, fuzzy
-#| msgid "sss_usermod"
 msgid "sss_override"
-msgstr "sss_usermod"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_override.8.xml:16
@@ -10116,19 +10366,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_override.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:32
@@ -10197,16 +10439,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:94
-#, fuzzy
-#| msgid ""
-#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-#| "replaceable>"
 msgid ""
 "<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
 "optional>"
 msgstr ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:99
@@ -10302,16 +10538,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:191
-#, fuzzy
-#| msgid ""
-#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-#| "replaceable>"
 msgid ""
 "<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
 "optional>"
 msgstr ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:196
@@ -10379,10 +10609,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "CONFIGURATION OPTIONS"
 msgid "COMMON OPTIONS"
-msgstr "OPÇÕES DE CONFIGURAÇÃO"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:263 sssctl.8.xml:52
@@ -10391,10 +10619,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:268 sssctl.8.xml:57
-#, fuzzy
-#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
 msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
-msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_useradd.8.xml:10 sss_useradd.8.xml:15
@@ -11596,15 +11822,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:186
-#, fuzzy
-#| msgid ""
-#| "<option>-f</option>,<option>--file</option> <replaceable>FILE</"
-#| "replaceable>"
 msgid ""
 "<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
 "replaceable>"
 msgstr ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:191
@@ -11613,10 +11834,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:197
-#, fuzzy
-#| msgid "<option>-R</option>,<option>--recursive</option>"
 msgid "<option>-R</option>,<option>--sudo-rules</option>"
-msgstr "<option>-R</option>,<option>--recursive</option>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:201
@@ -11644,7 +11863,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -11658,14 +11877,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
@@ -12062,7 +12276,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr "VER TAMBÉM"
 
@@ -12230,14 +12444,12 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: idmap_sss.8.xml:10 idmap_sss.8.xml:15
-#, fuzzy
-#| msgid "pam_sss"
 msgid "idmap_sss"
-msgstr "pam_sss"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -12249,10 +12461,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "IDMAP OPTIONS"
-msgstr "Opções"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: idmap_sss.8.xml:33
@@ -12266,13 +12476,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-#, fuzzy
-#| msgid "EXAMPLE"
-msgid "EXAMPLES"
-msgstr "EXEMPLO"
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
@@ -12304,19 +12507,11 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sssctl.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssctl.8.xml:32
@@ -12338,10 +12533,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-files.5.xml:10 sssd-files.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-files"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-files.5.xml:17
@@ -12398,10 +12591,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-secrets.5.xml:10 sssd-secrets.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-secrets"
-msgstr "sssd-simple"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-secrets.5.xml:17
@@ -12450,20 +12641,53 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -12473,7 +12697,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -12488,7 +12712,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -12497,20 +12721,27 @@ msgid ""
 "there are some secrets-specific options as well."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
-#, fuzzy
-#| msgid "id_provider (string)"
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
-msgstr "id_provider (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -12518,161 +12749,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
-#, fuzzy
-#| msgid "Default: cn"
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
-msgstr "Padrão: NC"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
-#, fuzzy
-#| msgid "reconnection_retries (integer)"
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
-msgstr "reconnection_retries (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
-msgstr "Padrão: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
-#, fuzzy
-#| msgid "timeout (integer)"
+#: sssd-secrets.5.xml:204
 msgid "max_secrets (integer)"
-msgstr "timeout (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-#, fuzzy
-#| msgid "Default: 10"
-msgid "Default: 1024"
-msgstr "Padrão: 10"
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:216
 #, fuzzy
-#| msgid "ldap_page_size (integer)"
+#| msgid "pam_id_timeout (integer)"
+msgid "max_uid_secrets (integer)"
+msgstr "pam_id_timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
-msgstr "ldap_page_size (integer)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-#, fuzzy
-#| msgid "Default: 1"
-msgid "Default: 16"
-msgstr "Padrão: 1"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
-#, fuzzy
-#| msgid "proxy_lib_name (string)"
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
-msgstr "proxy_lib_name (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
-#, fuzzy
-#| msgid "ldap[s]://&lt;host&gt;[:port]"
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
-msgstr "ldap[s]://&lt;host&gt;[:port]"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
-#, fuzzy
-#| msgid "auth_provider (string)"
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
-msgstr "auth_provider (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -12680,14 +12942,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
-#, fuzzy
-#| msgid "auth_provider (string)"
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
-msgstr "auth_provider (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -12695,95 +12955,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
-#, fuzzy
-#| msgid "auth_provider (string)"
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
-msgstr "auth_provider (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
-#, fuzzy
-#| msgid "Examples:"
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
-msgstr "Exemplos:"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
-#, fuzzy
-#| msgid "override_homedir (string)"
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
-msgstr "override_homedir (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
-#, fuzzy
-#| msgid "try_inotify (boolean)"
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
-msgstr "try_inotify (boolean)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
-#, fuzzy
-#| msgid "try_inotify (boolean)"
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
-msgstr "try_inotify (boolean)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
-#, fuzzy
-#| msgid "ldap_sasl_authid (string)"
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
-msgstr "ldap_sasl_authid (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
-#, fuzzy
-#| msgid "ldap_tls_cacert (string)"
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
-msgstr "ldap_tls_cacert (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -12791,14 +13037,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
-msgstr "skel_dir (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -12806,24 +13050,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
-msgstr "skel_dir (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -12838,19 +13080,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12860,19 +13102,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12882,7 +13124,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12892,21 +13134,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
-#, fuzzy
-#| msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
-msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -12915,14 +13155,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12933,7 +13173,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12944,7 +13184,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -12953,12 +13193,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -12966,7 +13206,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12976,14 +13216,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -12991,26 +13231,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -13020,21 +13260,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
-#, fuzzy
-#| msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
-msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -13042,7 +13280,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -13072,7 +13310,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -13082,14 +13320,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -13100,7 +13338,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -13115,11 +13353,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+msgid "Configuring session recording with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+msgid "These options can be used to configure the session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
-#, fuzzy
-#| msgid "sssd"
 msgid "sssd-kcm"
-msgstr "sssd"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-kcm.8.xml:17
@@ -13233,7 +13534,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -13250,12 +13550,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -13266,7 +13575,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -13279,7 +13588,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -13289,30 +13598,412 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
-msgstr "skel_dir (string)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+#, fuzzy
+#| msgid "sssd-simple"
+msgid "sssd-systemtap"
+msgstr "sssd-simple"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+#, fuzzy
+#| msgid "realm name"
+msgid "probe $name"
+msgstr "nome de território"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, no-wrap
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -13462,6 +14153,71 @@ msgid ""
 "offline mode, and then attempts to reconnect every 30 seconds."
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_op_timeout"
+msgstr "dns_resolver_timeout (integer)"
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_timeout"
+msgstr "dns_resolver_timeout (integer)"
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -13751,10 +14507,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
 #: include/ldap_id_mapping.xml:249
-#, fuzzy
-#| msgid "ldap_page_size (integer)"
 msgid "ldap_idmap_helper_table_size (integer)"
-msgstr "ldap_page_size (integer)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
 #: include/ldap_id_mapping.xml:252
@@ -14043,34 +14797,37 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
 
 #. type: Content of: <listitem><para>
@@ -14245,17 +15002,13 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13
-#, fuzzy
-#| msgid "krb5_validate (boolean)"
 msgid "krb5_validate = true"
-msgstr "krb5_validate (boolean)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:18
-#, fuzzy
-#| msgid "krb5_fast_principal (string)"
 msgid "krb5_use_enterprise_principal = true"
-msgstr "krb5_fast_principal (string)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ad_modified_defaults.xml:24
@@ -14269,10 +15022,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38
-#, fuzzy
-#| msgid "ldap_force_upper_case_realm (boolean)"
 msgid "ldap_force_upper_case_realm = true"
-msgstr "ldap_force_upper_case_realm (boolean)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:38
@@ -14281,10 +15032,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:43
-#, fuzzy
-#| msgid "ldap_sasl_mech (string)"
 msgid "ldap_sasl_mech = gssapi"
-msgstr "ldap_sasl_mech (string)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:48
@@ -14316,10 +15065,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:23
-#, fuzzy
-#| msgid "krb5_canonicalize (boolean)"
 msgid "krb5_canonicalize = true"
-msgstr "krb5_canonicalize (boolean)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ipa_modified_defaults.xml:29
@@ -14333,10 +15080,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:43
-#, fuzzy
-#| msgid "ldap_sasl_mech (string)"
 msgid "ldap_sasl_mech = GSSAPI"
-msgstr "ldap_sasl_mech (string)"
+msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:48
@@ -14373,48 +15118,37 @@ msgstr ""
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr ""
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
-
-#~ msgid ""
-#~ "Comma separated list of services that are started when sssd itself starts."
-#~ msgstr ""
-#~ "Lista de serviços que são iniciados quando SSSD propriamente dito começa "
-#~ "separados por vírgulas."
diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po
index 483bd5637..c3aea7c32 100644
--- a/src/man/po/pt_BR.po
+++ b/src/man/po/pt_BR.po
@@ -2,9 +2,9 @@
 # Rodrigo de Araujo Sousa Fonseca <rodrigodearaujo@fedoraproject.org>, 2017. #zanata
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
 "PO-Revision-Date: 2017-01-29 10:11-0500\n"
 "Last-Translator: Rodrigo de Araujo Sousa Fonseca "
 "<rodrigodearaujo@fedoraproject.org>\n"
@@ -26,7 +26,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr ""
 
@@ -68,7 +69,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr "DESCRIÇÃO"
 
@@ -83,8 +85,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "OPÇÕES"
 
@@ -126,7 +128,8 @@ msgstr "ssd.conf "
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
 msgstr "5"
 
@@ -134,7 +137,8 @@ msgstr "5"
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr ""
 
@@ -285,11 +289,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr ""
 
@@ -306,17 +310,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
@@ -339,8 +345,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr ""
 
@@ -355,7 +361,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr ""
 
@@ -403,19 +409,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr ""
 
@@ -435,7 +441,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr ""
 
@@ -455,12 +461,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -468,39 +474,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -624,11 +630,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr ""
@@ -799,8 +805,24 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr ""
@@ -817,12 +839,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -831,22 +853,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -856,17 +878,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -876,18 +898,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -895,24 +917,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -920,12 +942,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -937,58 +959,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -996,7 +1018,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1006,7 +1028,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1015,17 +1037,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1033,34 +1055,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1069,7 +1091,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1078,41 +1100,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1120,23 +1142,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1144,47 +1166,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1192,105 +1214,105 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1301,96 +1323,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1398,122 +1420,122 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1521,7 +1543,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1530,17 +1552,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1548,26 +1570,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1577,74 +1599,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1652,19 +1674,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1672,12 +1694,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1685,58 +1707,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1747,34 +1769,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+msgid "sudo_threshold (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1782,68 +1819,68 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1854,7 +1891,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1865,24 +1902,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1890,12 +1927,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1904,29 +1941,142 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+msgid "Session recording configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+msgid "These options can be used to configure session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+msgid "scope (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+msgid "Default: \"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+msgid "users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+msgid "Default: Empty. Matches no users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+msgid "groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -1935,14 +2085,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -1951,38 +2101,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1991,46 +2141,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2042,14 +2192,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2058,39 +2208,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2099,19 +2249,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2122,151 +2272,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2274,24 +2424,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2300,17 +2450,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2319,33 +2469,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2353,8 +2503,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2363,8 +2513,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2372,19 +2522,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2393,7 +2543,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2401,22 +2551,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2428,7 +2578,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2436,19 +2586,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2456,7 +2606,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2464,30 +2614,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2495,19 +2645,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2516,7 +2666,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2524,29 +2674,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2554,7 +2704,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2562,35 +2712,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2598,32 +2748,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2634,12 +2784,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2647,7 +2797,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2655,31 +2805,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2687,7 +2837,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2696,23 +2846,54 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+msgid "session_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2720,7 +2901,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2728,7 +2909,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2736,24 +2917,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2761,12 +2942,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2776,7 +2957,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2785,29 +2966,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2815,7 +2996,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2823,137 +3004,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2643
+msgid ""
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -2961,7 +3150,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -2969,17 +3158,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -2987,34 +3176,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3022,32 +3211,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3057,34 +3246,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3092,12 +3281,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3105,7 +3294,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3113,29 +3302,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3143,12 +3332,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3157,12 +3346,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3170,19 +3359,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3199,7 +3388,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3207,17 +3396,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3226,18 +3415,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3257,12 +3445,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3270,73 +3458,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3344,17 +3532,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3363,17 +3551,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3381,17 +3569,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3399,86 +3587,85 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3508,14 +3695,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -3556,7 +3762,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr ""
 
@@ -3576,7 +3782,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
 
@@ -3856,7 +4062,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr ""
 
@@ -3934,7 +4140,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -3953,7 +4159,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -3963,14 +4169,14 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr ""
 
@@ -4365,8 +4571,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr ""
 
@@ -4453,130 +4659,163 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
+msgid "ldap_user_authorized_rhost (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:843
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+msgid "Default: rhost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
 msgid "Name of the LDAP attribute containing the X509 certificate of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:868
+msgid "Default: userCertificate;binary"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -4584,34 +4823,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4619,7 +4858,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -4629,7 +4868,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -4639,17 +4878,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -4657,14 +4896,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -4672,7 +4911,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4681,12 +4920,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -4694,168 +4933,168 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -4863,7 +5102,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -4871,12 +5110,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -4884,12 +5123,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4900,12 +5139,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -4914,12 +5153,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -4928,34 +5167,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4963,14 +5202,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -4978,17 +5217,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4998,12 +5237,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -5011,17 +5250,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5029,13 +5268,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -5044,7 +5283,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -5052,26 +5291,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5079,7 +5318,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5087,7 +5326,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -5095,41 +5334,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -5138,32 +5377,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5171,24 +5410,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5196,17 +5435,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -5217,29 +5456,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -5248,17 +5487,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -5266,49 +5505,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -5316,27 +5555,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5348,7 +5587,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5356,7 +5595,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -5364,39 +5603,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5406,7 +5645,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5414,26 +5653,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5441,7 +5680,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5449,31 +5688,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5482,56 +5721,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5547,12 +5786,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -5561,14 +5800,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -5577,24 +5816,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5602,19 +5841,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5623,7 +5862,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5631,7 +5870,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5640,7 +5879,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -5648,22 +5887,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5673,14 +5912,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5693,12 +5932,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5708,7 +5947,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5718,49 +5957,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -5769,74 +6022,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -5847,7 +6100,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -5855,24 +6108,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
-msgid "wildcart_limit (integer)"
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
+msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -5887,12 +6140,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5900,208 +6153,208 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -6109,101 +6362,101 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6212,111 +6465,111 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6325,56 +6578,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -6382,8 +6635,15 @@ msgid ""
 "\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6391,7 +6651,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6404,26 +6664,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6439,13 +6700,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6946,9 +7207,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -7032,7 +7293,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -7409,7 +7670,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -7429,8 +7690,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7524,7 +7785,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7542,8 +7803,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -7562,9 +7823,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7577,7 +7838,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7597,7 +7858,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7713,7 +7974,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -7833,16 +8094,17 @@ msgstr ""
 #: sssd-ipa.5.xml:113
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -7852,14 +8114,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -7867,12 +8129,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -7880,7 +8142,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -7888,17 +8150,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -7907,7 +8169,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -7915,24 +8177,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -7940,22 +8202,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -7967,12 +8229,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -7980,234 +8242,276 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
+#: sssd-ipa.5.xml:311
+msgid "ipa_deskprofile_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
 msgstr ""
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:465
+msgid "ipa_deskprofile_refresh (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:468
 msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
 msgid "Default: 5 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:481
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+msgid "Default: 60 (minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:498
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -8215,192 +8519,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -8410,19 +8714,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -8430,7 +8734,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -8442,7 +8746,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8450,7 +8754,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -9338,10 +9642,10 @@ msgstr ""
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -9445,8 +9749,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr ""
 
@@ -9769,12 +10073,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -10200,10 +10504,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "COMMON OPTIONS"
-msgstr "OPÇÕES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:263 sssctl.8.xml:52
@@ -11446,7 +11748,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -11460,14 +11762,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
@@ -11864,7 +12161,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr ""
 
@@ -12037,7 +12334,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -12049,10 +12346,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "IDMAP OPTIONS"
-msgstr "OPÇÕES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: idmap_sss.8.xml:33
@@ -12066,11 +12361,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-msgid "EXAMPLES"
-msgstr ""
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
@@ -12236,20 +12526,53 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -12259,7 +12582,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -12274,7 +12597,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -12283,18 +12606,27 @@ msgid ""
 "there are some secrets-specific options as well."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -12302,141 +12634,190 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
+#: sssd-secrets.5.xml:204
 msgid "max_secrets (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-msgid "Default: 1024"
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:216
+msgid "max_uid_secrets (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-msgid "Default: 16"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -12444,12 +12825,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -12457,81 +12838,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -12539,12 +12920,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -12552,22 +12933,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -12582,19 +12963,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12604,19 +12985,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12626,7 +13007,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12636,19 +13017,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -12657,14 +13038,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12675,7 +13056,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12686,7 +13067,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -12695,12 +13076,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -12708,7 +13089,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12718,14 +13099,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -12733,26 +13114,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12762,19 +13143,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -12782,7 +13163,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -12812,7 +13193,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -12822,14 +13203,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -12840,7 +13221,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -12855,6 +13236,71 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+msgid "Configuring session recording with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+msgid "These options can be used to configure the session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
 msgid "sssd-kcm"
 msgstr ""
@@ -12971,7 +13417,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -12988,12 +13433,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -13004,7 +13458,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -13017,7 +13471,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -13027,28 +13481,408 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+msgid "sssd-systemtap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+msgid "probe $name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, no-wrap
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -13198,6 +14032,67 @@ msgid ""
 "offline mode, and then attempts to reconnect every 30 seconds."
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+msgid "dns_resolver_op_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+msgid "dns_resolver_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -13777,34 +14672,37 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
 
 #. type: Content of: <listitem><para>
@@ -13961,10 +14859,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><title>
 #: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2
-#, fuzzy
-#| msgid "GENERAL OPTIONS"
 msgid "MODIFIED DEFAULT OPTIONS"
-msgstr "OPÇÕES GERAIS "
+msgstr ""
 
 #. type: Content of: <refsect1><para>
 #: include/ad_modified_defaults.xml:4
@@ -14097,42 +14993,37 @@ msgstr ""
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr ""
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
diff --git a/src/man/po/ru.po b/src/man/po/ru.po
index bb5089c29..4f93a289b 100644
--- a/src/man/po/ru.po
+++ b/src/man/po/ru.po
@@ -6,9 +6,9 @@
 # Artyom Kunyov <artkun@guitarplayer.ru>, 2012
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
 "PO-Revision-Date: 2014-12-15 12:07-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/"
@@ -31,7 +31,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr "Справка по SSSD"
 
@@ -73,7 +74,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr "ОПИСАНИЕ"
 
@@ -88,8 +90,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "ОПЦИИ"
 
@@ -131,7 +133,8 @@ msgstr "sssd.CONF"
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
 msgstr "5"
 
@@ -139,7 +142,8 @@ msgstr "5"
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr ""
 
@@ -290,11 +294,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr ""
 
@@ -311,17 +315,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr "По умолчанию: false"
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
@@ -344,8 +350,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "По умолчанию: 10"
 
@@ -360,7 +366,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr ""
 
@@ -408,19 +414,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr "попыток_соединения (целое число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr "По умолчанию: 3"
 
@@ -440,7 +446,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr ""
 
@@ -460,12 +466,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -473,39 +479,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -629,11 +635,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr ""
@@ -804,8 +810,24 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr ""
@@ -822,12 +844,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -836,22 +858,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -861,17 +883,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -881,18 +903,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -900,24 +922,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -925,12 +947,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -942,58 +964,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr "По умолчанию: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1001,7 +1023,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1011,7 +1033,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1020,17 +1042,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1038,36 +1060,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr "По умолчанию: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
-#, fuzzy
-#| msgid "reconnection_retries (integer)"
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
-msgstr "попыток_соединения (целое число)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1076,7 +1096,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1085,41 +1105,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr "По умолчанию: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1127,23 +1147,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1151,47 +1171,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1199,105 +1219,105 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1308,96 +1328,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr "По умолчанию: 0 (неограничено)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1405,124 +1425,122 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr "По умолчанию: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr "В настоящее время sssd поддерживает следующие значения:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "По умолчанию: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
-#, fuzzy
-#| msgid "reconnection_retries (integer)"
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
-msgstr "попыток_соединения (целое число)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1530,7 +1548,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1539,17 +1557,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1557,26 +1575,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1586,74 +1604,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1661,19 +1679,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1681,12 +1699,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1694,58 +1712,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1756,34 +1774,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+msgid "sudo_threshold (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1791,70 +1824,68 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
-#, fuzzy
-#| msgid "Default: gecos"
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
-msgstr "По умолчанию: gecos"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1865,7 +1896,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1876,24 +1907,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1901,12 +1932,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1915,31 +1946,144 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
-#, fuzzy
-#| msgid "reconnection_retries (integer)"
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
-msgstr "попыток_соединения (целое число)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+msgid "Session recording configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+msgid "These options can be used to configure session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+msgid "scope (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: \"none\""
+msgstr "По умолчанию: 3"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+msgid "users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+msgid "Default: Empty. Matches no users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+msgid "groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -1948,14 +2092,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -1964,40 +2108,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
-#, fuzzy
-#| msgid "Default: posixAccount"
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
-msgstr "По умолчанию: posixAccount"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2006,46 +2148,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr "По умолчанию: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2057,14 +2199,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2073,39 +2215,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2114,19 +2256,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2137,151 +2279,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2289,24 +2431,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2315,17 +2457,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2334,33 +2476,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2368,8 +2510,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2378,8 +2520,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2387,19 +2529,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2408,7 +2550,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2416,22 +2558,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2443,7 +2585,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2451,19 +2593,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2471,7 +2613,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2479,30 +2621,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2510,19 +2652,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2531,7 +2673,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2539,29 +2681,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2569,7 +2711,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2577,35 +2719,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2613,32 +2755,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2649,12 +2791,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2662,7 +2804,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2670,31 +2812,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2702,7 +2844,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2711,23 +2853,54 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+msgid "session_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2735,7 +2908,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2743,7 +2916,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2751,24 +2924,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2776,12 +2949,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2791,7 +2964,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2800,29 +2973,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2830,7 +3003,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2838,137 +3011,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "По умолчанию: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr "Поддерживаемые значения:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2643
+msgid ""
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr "По умолчанию: использовать доменное имя из hostname"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -2976,7 +3157,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -2984,17 +3165,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3002,34 +3183,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3037,32 +3218,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3072,34 +3253,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3107,12 +3288,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3120,7 +3301,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3128,29 +3309,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3158,12 +3339,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3172,12 +3353,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3185,19 +3366,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3214,7 +3395,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3222,17 +3403,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3241,18 +3422,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3272,12 +3452,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3285,73 +3465,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr "По умолчанию: <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr "По умолчанию: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3359,17 +3539,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr "По умолчанию: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3378,17 +3558,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "По умолчанию: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3396,17 +3576,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "По умолчанию: <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3414,86 +3594,85 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
-msgstr "ПРИМЕР"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3523,14 +3702,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -3571,7 +3769,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr "ПАРАМЕТРЫ КОНФИГУРАЦИИ"
 
@@ -3591,7 +3789,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
 
@@ -3871,7 +4069,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr ""
 
@@ -3949,7 +4147,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -3968,7 +4166,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -3978,14 +4176,14 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr "По умолчанию: modifyTimestamp"
 
@@ -4380,8 +4578,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr ""
 
@@ -4468,132 +4666,167 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
+msgid "ldap_user_authorized_rhost (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
-msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:843
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+#, fuzzy
+#| msgid "Default: root"
+msgid "Default: rhost"
+msgstr "По умолчанию: root"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:864
+msgid "Name of the LDAP attribute containing the X509 certificate of the user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:868
+#, fuzzy
+#| msgid "Default: homeDirectory"
+msgid "Default: userCertificate;binary"
+msgstr "По умолчанию: homeDirectory"
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-#, fuzzy
-#| msgid "Default: false"
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
-msgstr "По умолчанию: false"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -4601,34 +4834,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4636,7 +4869,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -4646,7 +4879,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -4656,17 +4889,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -4674,14 +4907,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -4689,7 +4922,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4698,12 +4931,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -4711,168 +4944,168 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -4880,7 +5113,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -4888,12 +5121,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -4901,12 +5134,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4917,12 +5150,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -4931,12 +5164,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -4945,34 +5178,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4980,14 +5213,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -4995,17 +5228,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5015,12 +5248,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -5028,17 +5261,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5046,13 +5279,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -5061,7 +5294,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -5069,26 +5302,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5096,7 +5329,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5104,7 +5337,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -5112,41 +5345,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -5155,32 +5388,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5188,24 +5421,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5213,17 +5446,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -5234,29 +5467,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -5265,17 +5498,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -5283,49 +5516,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -5333,27 +5566,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5365,7 +5598,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5373,7 +5606,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -5381,39 +5614,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5423,7 +5656,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5431,26 +5664,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5458,7 +5691,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5466,31 +5699,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5499,56 +5732,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5564,12 +5797,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -5578,14 +5811,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -5594,24 +5827,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5619,19 +5852,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5640,7 +5873,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5648,7 +5881,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5657,7 +5890,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -5665,22 +5898,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5690,14 +5923,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5710,12 +5943,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5725,7 +5958,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5735,49 +5968,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -5786,74 +6033,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -5864,7 +6111,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -5872,24 +6119,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
-msgid "wildcart_limit (integer)"
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
+msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -5904,12 +6151,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5917,208 +6164,208 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -6126,101 +6373,101 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6229,111 +6476,111 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6342,56 +6589,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -6399,8 +6646,15 @@ msgid ""
 "\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr "ПРИМЕР"
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6408,7 +6662,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6421,26 +6675,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6456,13 +6711,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6963,9 +7218,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -7049,7 +7304,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -7426,7 +7681,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -7446,8 +7701,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7541,7 +7796,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7559,8 +7814,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -7579,9 +7834,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7594,7 +7849,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7614,7 +7869,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7730,7 +7985,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -7850,16 +8105,17 @@ msgstr ""
 #: sssd-ipa.5.xml:113
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -7869,14 +8125,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -7884,12 +8140,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -7897,7 +8153,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -7905,17 +8161,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -7924,7 +8180,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -7932,24 +8188,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -7957,24 +8213,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
-msgstr "По умолчанию: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -7986,12 +8240,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -7999,234 +8253,280 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
+#: sssd-ipa.5.xml:311
+msgid "ipa_deskprofile_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
 msgstr ""
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:465
+#, fuzzy
+#| msgid "reconnection_retries (integer)"
+msgid "ipa_deskprofile_refresh (integer)"
+msgstr "попыток_соединения (целое число)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:468
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:481
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+#, fuzzy
+#| msgid "Default: 0 (No limit)"
+msgid "Default: 60 (minutes)"
+msgstr "По умолчанию: 0 (неограничено)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
 msgid "ipa_hbac_refresh (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:498
 msgid ""
 "The amount of time between lookups of the HBAC rules against the IPA server. "
 "This will reduce the latency and load on the IPA server if there are many "
 "access-control requests made in a short period."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
-msgid "Default: 5 (seconds)"
-msgstr ""
-
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -8234,192 +8534,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -8429,19 +8729,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -8449,7 +8749,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -8461,7 +8761,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8469,7 +8769,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -9345,10 +9645,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:819
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: 30 days"
-msgstr "По умолчанию: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:825
@@ -9359,10 +9657,10 @@ msgstr ""
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -9466,8 +9764,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr ""
 
@@ -9790,12 +10088,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -10221,10 +10519,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "CONFIGURATION OPTIONS"
 msgid "COMMON OPTIONS"
-msgstr "ПАРАМЕТРЫ КОНФИГУРАЦИИ"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:263 sssctl.8.xml:52
@@ -11467,7 +11763,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -11481,14 +11777,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
@@ -11885,7 +12176,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr "СМ. ТАКЖЕ"
 
@@ -12058,7 +12349,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -12070,10 +12361,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "IDMAP OPTIONS"
-msgstr "ОПЦИИ"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: idmap_sss.8.xml:33
@@ -12087,13 +12376,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-#, fuzzy
-#| msgid "EXAMPLE"
-msgid "EXAMPLES"
-msgstr "ПРИМЕР"
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
@@ -12259,20 +12541,53 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -12282,7 +12597,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -12297,7 +12612,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -12306,18 +12621,27 @@ msgid ""
 "there are some secrets-specific options as well."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -12325,153 +12649,190 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
-#, fuzzy
-#| msgid "Default: false"
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
-msgstr "По умолчанию: false"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
-#, fuzzy
-#| msgid "reconnection_retries (integer)"
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
-msgstr "попыток_соединения (целое число)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
-msgstr "По умолчанию: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
-#, fuzzy
-#| msgid "reconnection_retries (integer)"
+#: sssd-secrets.5.xml:204
 msgid "max_secrets (integer)"
-msgstr "попыток_соединения (целое число)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-#, fuzzy
-#| msgid "Default: 10"
-msgid "Default: 1024"
-msgstr "По умолчанию: 10"
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:216
+msgid "max_uid_secrets (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-#, fuzzy
-#| msgid "Default: 1"
-msgid "Default: 16"
-msgstr "По умолчанию: 1"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -12479,12 +12840,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -12492,81 +12853,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -12574,12 +12935,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -12587,22 +12948,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -12617,19 +12978,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12639,19 +13000,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12661,7 +13022,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12671,19 +13032,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -12692,14 +13053,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12710,7 +13071,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12721,7 +13082,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -12730,12 +13091,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -12743,7 +13104,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12753,14 +13114,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -12768,26 +13129,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12797,19 +13158,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -12817,7 +13178,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -12847,7 +13208,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -12857,14 +13218,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -12875,7 +13236,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -12890,6 +13251,71 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+msgid "Configuring session recording with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+msgid "These options can be used to configure the session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
 msgid "sssd-kcm"
 msgstr ""
@@ -13006,7 +13432,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -13023,12 +13448,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -13039,7 +13473,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -13052,7 +13486,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -13062,28 +13496,408 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+msgid "sssd-systemtap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+msgid "probe $name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, no-wrap
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -13233,6 +14047,67 @@ msgid ""
 "offline mode, and then attempts to reconnect every 30 seconds."
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+msgid "dns_resolver_op_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+msgid "dns_resolver_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -13812,34 +14687,37 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
 
 #. type: Content of: <listitem><para>
@@ -14130,42 +15008,37 @@ msgstr ""
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr ""
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot
index 41ebdee83..d6f6ac3b7 100644
--- a/src/man/po/sssd-docs.pot
+++ b/src/man/po/sssd-docs.pot
@@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.15.3\n"
+"Project-Id-Version: sssd-docs 1.15.4\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -18,7 +18,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 
 #. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5 sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr ""
 
@@ -46,7 +46,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:57 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:57 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21 sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr ""
 
@@ -58,7 +58,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr ""
 
@@ -98,12 +98,12 @@ msgid "sssd.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11
 msgid "5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr ""
 
@@ -254,7 +254,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813 sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476 sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862 sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837 sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819 sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512 sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862 sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr ""
 
@@ -271,12 +271,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697 sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708 sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764 sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231 sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721 sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708 sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791 sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232 sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210 sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
@@ -299,7 +299,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707 sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881 sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr ""
 
@@ -314,7 +314,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr ""
 
@@ -363,19 +363,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr ""
 
@@ -395,7 +395,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr ""
 
@@ -415,12 +415,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> "
 "<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes "
@@ -429,39 +429,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -585,7 +585,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679 sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622 sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323 sssd-secrets.5.xml:337 sssd-secrets.5.xml:348 include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679 sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649 sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr ""
 
@@ -754,8 +754,25 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> "
+"<refentrytitle>getpwnam</refentrytitle> <manvolnum>3</manvolnum> "
+"</citerefentry> which, if a shortname is returned for a qualified input "
+"(while trying to reach a user which exists in multiple domains) might "
+"re-route the login attempt into the domain which users shortnames, making "
+"this workaround totally not recommended in cases where usernames may overlap "
+"between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757 sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931 sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr ""
 
@@ -771,12 +788,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -785,22 +802,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -810,17 +827,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -830,17 +847,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944 sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968 sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -848,24 +865,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -873,12 +890,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -890,58 +907,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514 sssd-ldap.5.xml:722
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559 sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) "
 "service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -949,7 +966,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -959,7 +976,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -968,17 +985,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -986,34 +1003,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1022,7 +1039,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1031,39 +1048,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1071,22 +1088,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284 sssd-krb5.5.xml:539 include/override_homedir.xml:59
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308 sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1094,46 +1111,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in "
 "<quote>/etc/shells</quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in "
 "<quote>/etc/shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1141,56 +1158,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the "
 "machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during "
 "lookup. This option can be specified globally in the [nss] section or "
@@ -1198,50 +1215,50 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1253,96 +1270,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1350,122 +1367,122 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during "
 "authentication. The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder "
 "type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1473,7 +1490,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a "
@@ -1483,17 +1500,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1501,7 +1518,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be "
@@ -1509,19 +1526,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting "
 "<emphasis>pwd_expiration_warning</emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1531,72 +1548,72 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290 sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314 sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1604,19 +1621,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1624,12 +1641,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1637,56 +1654,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896 include/ldap_id_mapping.xml:244
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923 include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> "
@@ -1698,34 +1715,50 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+msgid "sudo_threshold (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group "
+"searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1733,68 +1766,68 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1805,7 +1838,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1816,24 +1849,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1841,12 +1874,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1855,29 +1888,143 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+msgid "Session recording configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> "
+"<refentrytitle>sssd-session-recording</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+msgid "These options can be used to configure session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+msgid "scope (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+msgid "Default: \"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+msgid "users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording "
+"enabled. Matches user names as returned by NSS. I.e. after the possible "
+"space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+msgid "Default: Empty. Matches no users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+msgid "groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -1886,14 +2033,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -1902,38 +2049,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For "
@@ -1942,46 +2089,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1993,14 +2140,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2009,39 +2156,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2050,19 +2197,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2073,150 +2220,150 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728 sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768 sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872 sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912 sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the "
 "cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2224,24 +2371,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2250,17 +2397,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2269,34 +2416,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2304,7 +2451,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069 sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213 sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2313,7 +2460,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078 sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222 sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2321,19 +2468,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified "
 "names. For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2342,7 +2489,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2350,22 +2497,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2377,7 +2524,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2385,19 +2532,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2405,7 +2552,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2413,29 +2560,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2443,19 +2590,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
@@ -2464,7 +2611,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> "
@@ -2473,29 +2620,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
@@ -2504,7 +2651,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2512,34 +2659,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2547,31 +2694,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308 sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476 sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2582,12 +2729,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2595,7 +2742,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2604,31 +2751,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2637,7 +2784,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2646,22 +2793,52 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+msgid "session_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid "<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2669,7 +2846,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2677,7 +2854,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2685,24 +2862,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2711,12 +2888,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2726,7 +2903,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: "
 "<quote>(((?P&lt;domain&gt;[^\\\\]+)\\\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?P&lt;name&gt;[^@\\\\]+)$))</quote> "
@@ -2734,29 +2911,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2764,7 +2941,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2772,136 +2949,144 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax "
 "(?P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is "
+"unreachable. If this timeout is reached, the domain will continue to operate "
+"in offline mode."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293 sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2643
+msgid ""
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320 sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -2909,7 +3094,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -2917,17 +3102,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -2935,34 +3120,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -2970,32 +3155,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3005,32 +3190,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3038,12 +3223,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3051,7 +3236,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called "
@@ -3060,29 +3245,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3090,12 +3275,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3104,12 +3289,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3117,19 +3302,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> "
 "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> "
@@ -3147,7 +3332,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3155,17 +3340,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3174,18 +3359,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3205,12 +3389,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3218,73 +3402,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3292,17 +3476,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3311,17 +3495,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3329,17 +3513,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3347,83 +3531,85 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called "
 "<quote>[domain/<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</replaceable>]</quote>.  "
-"Currently supported options in the trusted domain section are:"
+"Where DOMAIN_NAME is the actual joined-to base domain. Please refer to "
+"examples below for explanation.  Currently supported options in the trusted "
+"domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131 sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3453,14 +3639,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -3500,7 +3705,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99 sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57 sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99 sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57 sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr ""
 
@@ -3521,7 +3726,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
 
@@ -3799,7 +4004,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr ""
 
@@ -3877,7 +4082,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -3896,7 +4101,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -3906,14 +4111,14 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr ""
 
@@ -4310,7 +4515,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199 sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226 sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr ""
 
@@ -4397,130 +4602,163 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
+msgid "ldap_user_authorized_rhost (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:843
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option "
+"<emphasis>must</emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+msgid "Default: rhost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
 msgid "Name of the LDAP attribute containing the X509 certificate of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:868
+msgid "Default: userCertificate;binary"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -4528,34 +4766,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups "
 "(e.g. RFC2307bis), then this option controls how many levels of nesting SSSD "
@@ -4563,7 +4801,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -4573,7 +4811,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -4583,17 +4821,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -4601,14 +4839,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -4616,7 +4854,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink "
@@ -4625,12 +4863,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -4638,166 +4876,166 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid "The LDAP attribute that contains the protocols understood by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -4805,7 +5043,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -4813,12 +5051,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -4826,12 +5064,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> "
@@ -4842,12 +5080,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -4856,12 +5094,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -4870,34 +5108,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single "
 "request. Some LDAP servers enforce a maximum limit per-request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4905,7 +5143,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use "
@@ -4913,7 +5151,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -4921,17 +5159,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4941,12 +5179,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -4954,17 +5192,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4972,12 +5210,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -4986,7 +5224,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -4994,26 +5232,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5021,7 +5259,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5029,7 +5267,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -5037,41 +5275,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in "
 "<filename>/etc/openldap/ldap.conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -5080,32 +5318,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5113,24 +5351,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem "
 "class=\"protocol\">tls</systemitem> to protect the channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5138,17 +5376,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -5159,29 +5397,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -5191,17 +5429,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -5209,49 +5447,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -5259,27 +5497,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of "
@@ -5291,7 +5529,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5299,7 +5537,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of "
 "SSSD. While the legacy name is recognized for the time being, users are "
@@ -5308,39 +5546,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5350,7 +5588,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> "
 "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> "
@@ -5359,26 +5597,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client "
 "side. The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use "
 "<citerefentry><refentrytitle>shadow</refentrytitle> "
@@ -5387,7 +5625,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5395,31 +5633,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5428,56 +5666,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5494,12 +5732,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -5508,14 +5746,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -5524,24 +5762,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5549,19 +5787,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5570,7 +5808,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, "
 "<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check "
@@ -5578,7 +5816,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5587,7 +5825,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option "
 "<emphasis>must</emphasis> include <quote>expire</quote> in order for the "
@@ -5595,22 +5833,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5620,7 +5858,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the "
 "<quote>ppolicy</quote> option and might be removed in a future release.  "
@@ -5628,7 +5866,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5641,12 +5879,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5656,7 +5894,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5666,48 +5904,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control "
+"option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -5716,74 +5969,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -5794,7 +6047,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -5802,24 +6055,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
-msgid "wildcart_limit (integer)"
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
+msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -5834,12 +6087,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5847,208 +6100,208 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval "
 "</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -6056,100 +6309,100 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507 sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is "
 "<emphasis>false</emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6158,112 +6411,112 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise "
 "automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder "
 "type=\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" "
@@ -6273,56 +6526,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -6330,8 +6583,13 @@ msgid ""
 "type=\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6339,7 +6597,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6352,24 +6610,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139 sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579 sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139 sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579 sssd-files.5.xml:78 sssd-session-recording.5.xml:150 include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6385,12 +6643,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148 sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148 sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6896,9 +7154,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -6982,7 +7240,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -7358,7 +7616,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -7378,8 +7636,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7473,7 +7731,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7491,8 +7749,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -7511,9 +7769,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7526,7 +7784,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7546,7 +7804,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7660,7 +7918,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -7782,16 +8040,17 @@ msgstr ""
 #: sssd-ipa.5.xml:113
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -7801,14 +8060,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old "
 "<emphasis>ipa_dyndns_update</emphasis> option, users should migrate to using "
@@ -7816,12 +8075,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -7829,7 +8088,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old "
 "<emphasis>ipa_dyndns_ttl</emphasis> option, users should migrate to using "
@@ -7837,17 +8096,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -7856,7 +8115,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old "
 "<emphasis>ipa_dyndns_iface</emphasis> option, users should migrate to using "
@@ -7864,24 +8123,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -7889,22 +8148,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -7917,12 +8176,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -7930,232 +8189,274 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
+#: sssd-ipa.5.xml:311
+msgid "ipa_deskprofile_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387 sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401 sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
 msgstr ""
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:465
+msgid "ipa_deskprofile_refresh (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:468
 msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA "
-"server. This will reduce the latency and load on the IPA server if there are "
-"many access-control requests made in a short period."
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
 msgid "Default: 5 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:481
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+msgid "Default: 60 (minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:498
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA "
+"server. This will reduce the latency and load on the IPA server if there are "
+"many access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -8163,192 +8464,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -8358,19 +8659,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -8378,7 +8679,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of "
 "sssd.conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -8390,7 +8691,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and "
 "example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
@@ -8398,7 +8699,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -9285,9 +9586,9 @@ msgstr ""
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal "
-"task. The option expect 2 integers seperated by a colon (':'). The first "
+"task. The option expects 2 integers separated by a colon (':'). The first "
 "integer defines the interval in seconds how often the task is run. The "
-"second specifies the inital timeout in seconds before the task is run for "
+"second specifies the initial timeout in seconds before the task is run for "
 "the first time after startup."
 msgstr ""
 
@@ -9392,8 +9693,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr ""
 
@@ -9717,12 +10018,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is "
 "<filename>/etc/sssd/sssd.conf</filename>. For reference on the config file "
@@ -11397,7 +11698,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -11411,14 +11712,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
@@ -11816,7 +12112,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr ""
 
@@ -11997,7 +12293,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -12024,11 +12320,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-msgid "EXAMPLES"
-msgstr ""
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid "This example shows how to configure idmap_sss as the default mapping module."
@@ -12196,20 +12487,53 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at "
 "<filename>/var/run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -12219,7 +12543,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> "
@@ -12234,7 +12558,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -12243,18 +12567,27 @@ msgid ""
 "addition, there are some secrets-specific options as well."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -12262,141 +12595,190 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+"responder can configure a per-user subsections "
+"(e.g. <quote>[secrets/users/123]</quote> - see bottom of this manual page "
+"for a full example using Custodia for a particular user) that define which "
+"provider store the secrets for this particular user. The per-user "
+"subsections should contain all options for that user's provider. Please note "
+"that currently the global provider is always local, the proxy provider can "
+"only be specified in a per-user section. The following providers are "
+"supported: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
+#: sssd-secrets.5.xml:204
 msgid "max_secrets (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:216
+msgid "max_uid_secrets (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored "
+"per-UID in the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-msgid "Default: 1024"
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-msgid "Default: 16"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the "
+"<quote>secrets</quote> and the <quote>kcm</quote> hives, configure the "
+"following: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the "
 "<quote>username</quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -12404,12 +12786,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -12417,80 +12799,80 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority "
 "certificates. System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in "
@@ -12498,12 +12880,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -12511,22 +12893,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -12541,19 +12923,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12563,19 +12945,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12585,7 +12967,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12595,19 +12977,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder "
 "type=\"programlisting\" id=\"1\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -12617,14 +12999,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12635,7 +13017,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12646,7 +13028,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -12655,12 +13037,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -12668,7 +13050,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12678,14 +13060,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -12693,26 +13075,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12722,19 +13104,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -12742,7 +13124,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -12772,7 +13154,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on "
 "http://localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -12782,14 +13164,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -12800,7 +13182,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -12815,6 +13197,71 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+msgid "Configuring session recording with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+msgid "These options can be used to configure the session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
 msgid "sssd-kcm"
 msgstr ""
@@ -12933,7 +13380,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -12950,12 +13396,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> "
@@ -12967,7 +13422,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the "
 "sssd.conf file. Please note that currently, is it not sufficient to restart "
@@ -12981,7 +13436,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -12991,22 +13446,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> "
 "</citerefentry>, <citerefentry> "
@@ -13014,6 +13469,383 @@ msgid ""
 "</citerefentry>,"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+msgid "sssd-systemtap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in "
+"/usr/share/systemtap/tapset/sssd.stp and "
+"/usr/share/systemtap/tapset/sssd_functions.stp respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+msgid "probe $name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid "Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281 sssd-systemtap.5.xml:293
+#, no-wrap
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -13162,6 +13994,67 @@ msgid ""
 "offline mode, and then attempts to reconnect every 30 seconds."
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+msgid "dns_resolver_op_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+msgid "dns_resolver_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, manual page.  <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the "
+"<quote>ldap_opt_timeout></quote> timeout should be set to a larger value "
+"than <quote>dns_resolver_timeout</quote> which in turn should be set to a "
+"larger value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -13747,6 +14640,8 @@ msgid ""
 "</citerefentry>, </phrase> <phrase condition=\"with_secrets\"> "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle> "
 "<manvolnum>5</manvolnum> </citerefentry>, </phrase> <citerefentry> "
+"<refentrytitle>sssd-session-recording</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> "
 "</citerefentry>, <citerefentry> "
 "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> "
@@ -13781,7 +14676,9 @@ msgid ""
 "<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> "
 "</citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> "
-"</citerefentry>"
+"</citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> </phrase>"
 msgstr ""
 
 #. type: Content of: <listitem><para>
@@ -14072,42 +14969,37 @@ msgstr ""
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr ""
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
diff --git a/src/man/po/tg.po b/src/man/po/tg.po
index 9bde8b06d..ac019052b 100644
--- a/src/man/po/tg.po
+++ b/src/man/po/tg.po
@@ -5,9 +5,9 @@
 # Translators:
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
 "PO-Revision-Date: 2014-12-15 12:10-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/"
@@ -29,7 +29,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr ""
 
@@ -71,7 +72,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr "ШАРҲ"
 
@@ -86,8 +88,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "ИМКОНОТҲО"
 
@@ -129,7 +131,8 @@ msgstr ""
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
 msgstr "5"
 
@@ -137,7 +140,8 @@ msgstr "5"
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr ""
 
@@ -288,11 +292,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Пешфарз: true"
 
@@ -309,17 +313,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr "Пешфарз: false"
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
@@ -342,8 +348,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "Пешфарз: 10"
 
@@ -358,7 +364,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr ""
 
@@ -406,19 +412,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr "Пешфарз: 3"
 
@@ -438,7 +444,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr ""
 
@@ -458,12 +464,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -471,39 +477,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -627,11 +633,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr ""
@@ -802,8 +808,24 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr ""
@@ -820,12 +842,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -834,22 +856,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -859,17 +881,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -879,18 +901,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -898,24 +920,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -923,12 +945,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -940,58 +962,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr "Пешфарз: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -999,7 +1021,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1009,7 +1031,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1018,17 +1040,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr "Пешфарз: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1036,34 +1058,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr "Пешфарз: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Пешфарз: 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1072,7 +1094,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1081,41 +1103,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr "Пешфарз: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1123,23 +1145,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1147,47 +1169,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1195,105 +1217,105 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr "Пешфарз: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1304,96 +1326,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr "Пешфарз: 0 (Номаҳдуд)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1401,122 +1423,122 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr "Пешфарз: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Пешфарз: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1524,7 +1546,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1533,17 +1555,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1551,26 +1573,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1580,74 +1602,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1655,19 +1677,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1675,12 +1697,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1688,58 +1710,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1750,34 +1772,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+msgid "sudo_threshold (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1785,70 +1822,68 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
-#, fuzzy
-#| msgid "Default: /bin/sh"
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
-msgstr "Пешфарз: /bin/sh"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1859,7 +1894,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1870,24 +1905,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1895,12 +1930,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1909,29 +1944,144 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+msgid "Session recording configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+msgid "These options can be used to configure session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+msgid "scope (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: \"none\""
+msgstr "Пешфарз: 3"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+msgid "users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+msgid "Default: Empty. Matches no users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+msgid "groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -1940,14 +2090,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -1956,40 +2106,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
-msgstr "Пешфарз: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1998,46 +2146,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr "Пешфарз: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2049,14 +2197,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2065,39 +2213,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2106,19 +2254,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2129,151 +2277,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr "Пешфарз: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2281,24 +2429,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2307,17 +2455,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr "Пешфарз: 0 (номаҳдуд)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2326,33 +2474,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2360,8 +2508,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2370,8 +2518,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2379,19 +2527,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2400,7 +2548,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2408,22 +2556,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2435,7 +2583,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2443,19 +2591,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2463,7 +2611,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2471,30 +2619,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2502,19 +2650,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2523,7 +2671,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2531,29 +2679,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2561,7 +2709,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2569,35 +2717,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2605,32 +2753,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2641,12 +2789,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2654,7 +2802,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2662,31 +2810,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2694,7 +2842,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2703,23 +2851,54 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+msgid "session_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2727,7 +2906,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2735,7 +2914,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2743,24 +2922,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2768,12 +2947,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2783,7 +2962,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2792,29 +2971,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2822,7 +3001,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2830,137 +3009,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
+msgid ""
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2643
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "Пешфарз: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -2968,7 +3155,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -2976,17 +3163,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -2994,34 +3181,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3029,32 +3216,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3064,34 +3251,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3099,12 +3286,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3112,7 +3299,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3120,29 +3307,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3150,12 +3337,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3164,12 +3351,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3177,19 +3364,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3206,7 +3393,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3214,17 +3401,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3233,18 +3420,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3264,12 +3450,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3277,73 +3463,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr "Пешфарз: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3351,17 +3537,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3370,17 +3556,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3388,17 +3574,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3406,86 +3592,85 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
-msgstr "НАМУНА"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3515,14 +3700,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -3563,7 +3767,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr ""
 
@@ -3583,7 +3787,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
 
@@ -3863,7 +4067,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr ""
 
@@ -3941,7 +4145,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -3960,7 +4164,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -3970,14 +4174,14 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr ""
 
@@ -4372,8 +4576,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr ""
 
@@ -4460,132 +4664,165 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
+msgid "ldap_user_authorized_rhost (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:843
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+#, fuzzy
+#| msgid "Default: root"
+msgid "Default: rhost"
+msgstr "Пешфарз: root"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
 msgid "Name of the LDAP attribute containing the X509 certificate of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:868
+msgid "Default: userCertificate;binary"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-#, fuzzy
-#| msgid "Default: false"
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
-msgstr "Пешфарз: false"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -4593,34 +4830,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4628,7 +4865,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -4638,7 +4875,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -4648,17 +4885,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr "Пешфарз: 2"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -4666,14 +4903,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -4681,7 +4918,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4690,12 +4927,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -4703,168 +4940,168 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -4872,7 +5109,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -4880,12 +5117,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -4893,12 +5130,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4909,12 +5146,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -4923,12 +5160,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -4937,34 +5174,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4972,14 +5209,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -4987,17 +5224,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5007,12 +5244,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -5020,17 +5257,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5038,13 +5275,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -5053,7 +5290,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -5061,26 +5298,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5088,7 +5325,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5096,7 +5333,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -5104,41 +5341,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -5147,32 +5384,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5180,24 +5417,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5205,17 +5442,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -5226,29 +5463,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -5257,17 +5494,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -5275,49 +5512,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr "Пешфарз: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -5325,27 +5562,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5357,7 +5594,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5365,7 +5602,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -5373,39 +5610,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5415,7 +5652,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5423,26 +5660,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5450,7 +5687,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5458,31 +5695,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5491,56 +5728,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5556,12 +5793,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr "Намуна:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -5570,14 +5807,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -5586,24 +5823,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5611,19 +5848,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5632,7 +5869,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5640,7 +5877,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5649,7 +5886,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -5657,22 +5894,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5682,14 +5919,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5702,12 +5939,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5717,7 +5954,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5727,49 +5964,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -5778,74 +6029,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -5856,7 +6107,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -5864,24 +6115,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
-msgid "wildcart_limit (integer)"
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
+msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -5896,12 +6147,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5909,208 +6160,208 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -6118,101 +6369,101 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6221,111 +6472,111 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6334,56 +6585,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -6391,8 +6642,15 @@ msgid ""
 "\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr "НАМУНА"
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6400,7 +6658,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6413,26 +6671,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6448,13 +6707,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "ЭЗОҲҲО"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6955,9 +7214,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -7041,7 +7300,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -7418,7 +7677,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -7438,8 +7697,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7533,7 +7792,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7551,8 +7810,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -7571,9 +7830,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7586,7 +7845,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7606,7 +7865,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7722,7 +7981,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -7842,16 +8101,17 @@ msgstr ""
 #: sssd-ipa.5.xml:113
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -7861,14 +8121,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -7876,12 +8136,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -7889,7 +8149,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -7897,17 +8157,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -7916,7 +8176,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -7924,24 +8184,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -7949,24 +8209,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
-msgstr "Пешфарз: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -7978,12 +8236,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -7991,234 +8249,278 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
+#: sssd-ipa.5.xml:311
+msgid "ipa_deskprofile_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
 msgstr ""
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:465
+msgid "ipa_deskprofile_refresh (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:468
 msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
 msgid "Default: 5 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:481
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+#, fuzzy
+#| msgid "Default: 0 (unlimited)"
+msgid "Default: 60 (minutes)"
+msgstr "Пешфарз: 0 (номаҳдуд)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:498
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -8226,192 +8528,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -8421,19 +8723,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -8441,7 +8743,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -8453,7 +8755,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8461,7 +8763,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -9337,10 +9639,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:819
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: 30 days"
-msgstr "Пешфарз: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:825
@@ -9351,10 +9651,10 @@ msgstr ""
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -9458,8 +9758,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr ""
 
@@ -9782,12 +10082,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -10213,10 +10513,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "COMMON OPTIONS"
-msgstr "ИМКОНОТҲО"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:263 sssctl.8.xml:52
@@ -11459,7 +11757,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -11473,14 +11771,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
@@ -11877,7 +12170,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr ""
 
@@ -12050,7 +12343,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -12062,10 +12355,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "IDMAP OPTIONS"
-msgstr "ИМКОНОТҲО"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: idmap_sss.8.xml:33
@@ -12079,13 +12370,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-#, fuzzy
-#| msgid "EXAMPLE"
-msgid "EXAMPLES"
-msgstr "НАМУНА"
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
@@ -12251,20 +12535,53 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -12274,7 +12591,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -12289,7 +12606,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -12298,18 +12615,27 @@ msgid ""
 "there are some secrets-specific options as well."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -12317,149 +12643,190 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
-#, fuzzy
-#| msgid "Default: false"
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
-msgstr "Пешфарз: false"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
-msgstr "Пешфарз: 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
+#: sssd-secrets.5.xml:204
 msgid "max_secrets (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-#, fuzzy
-#| msgid "Default: 10"
-msgid "Default: 1024"
-msgstr "Пешфарз: 10"
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:216
+msgid "max_uid_secrets (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-#, fuzzy
-#| msgid "Default: 1"
-msgid "Default: 16"
-msgstr "Пешфарз: 1"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -12467,12 +12834,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -12480,83 +12847,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
-#, fuzzy
-#| msgid "Example:"
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
-msgstr "Намуна:"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -12564,12 +12929,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -12577,22 +12942,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -12607,19 +12972,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12629,19 +12994,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12651,7 +13016,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12661,19 +13026,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -12682,14 +13047,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12700,7 +13065,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12711,7 +13076,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -12720,12 +13085,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -12733,7 +13098,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12743,14 +13108,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -12758,26 +13123,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12787,19 +13152,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -12807,7 +13172,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -12837,7 +13202,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -12847,14 +13212,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -12865,7 +13230,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -12880,6 +13245,71 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+msgid "Configuring session recording with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+msgid "These options can be used to configure the session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
 msgid "sssd-kcm"
 msgstr ""
@@ -12996,7 +13426,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -13013,12 +13442,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -13029,7 +13467,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -13042,7 +13480,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -13052,28 +13490,408 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+msgid "sssd-systemtap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+msgid "probe $name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, no-wrap
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -13223,6 +14041,67 @@ msgid ""
 "offline mode, and then attempts to reconnect every 30 seconds."
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+msgid "dns_resolver_op_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+msgid "dns_resolver_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -13802,34 +14681,37 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
 
 #. type: Content of: <listitem><para>
@@ -14120,42 +15002,37 @@ msgstr ""
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr ""
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""
diff --git a/src/man/po/uk.po b/src/man/po/uk.po
index 9395b23da..97ed53c64 100644
--- a/src/man/po/uk.po
+++ b/src/man/po/uk.po
@@ -7,13 +7,14 @@
 # Yuri Chornoivan <yurchor@ukr.net>, 2011-2014
 # Yuri Chornoivan <yurchor@ukr.net>, 2013
 # Yuri Chornoivan <yurchor@ukr.net>, 2015. #zanata
+# Yuri Chornoivan <yurchor@ukr.net>, 2017. #zanata
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
-"PO-Revision-Date: 2015-06-26 04:33-0400\n"
-"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
+"PO-Revision-Date: 2017-07-31 03:21-0400\n"
+"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Ukrainian (http://www.transifex.com/projects/p/sssd/language/"
 "uk/)\n"
 "Language: uk\n"
@@ -34,7 +35,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr "Сторінки підручника SSSD"
 
@@ -79,7 +81,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr "ОПИС"
 
@@ -96,8 +99,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "ПАРАМЕТРИ"
 
@@ -148,7 +151,8 @@ msgstr "sssd.conf"
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
 msgstr "5"
 
@@ -156,7 +160,8 @@ msgstr "5"
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr "Формати файлів та правила"
 
@@ -238,7 +243,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd.conf.5.xml:59
 msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY"
-msgstr ""
+msgstr "ФРАГМЕНТИ НАЛАШТУВАНЬ З КАТАЛОГУ ВКЛЮЧЕННЯ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:62
@@ -248,6 +253,10 @@ msgid ""
 "filename>. This feature is available if SSSD was compiled with libini "
 "version 1.3.0 or later."
 msgstr ""
+"До файла налаштувань <filename>sssd.conf</filename> буде включено фрагменти "
+"налаштувань з каталогу <filename>conf.d</filename>. Цією можливістю можна "
+"буде скористатися, якщо SSSD було зібрано із бібліотекою libini версії 1.3.0 "
+"або новішою."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:69
@@ -257,6 +266,10 @@ msgid ""
 "(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> "
 "to configure SSSD."
 msgstr ""
+"Будь-який файл, розташований у <filename>conf.d</filename>, назва якого "
+"завершується на <quote><filename>.conf</filename></quote> і не починається з "
+"крапки (<quote>.</quote>), буде використано разом із <filename>sssd.conf</"
+"filename> для налаштовування SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:77
@@ -270,6 +283,14 @@ msgid ""
 "<filename>02_snippet.conf</filename> etc.) can help visualize the priority "
 "(higher number means higher priority)."
 msgstr ""
+"Фрагменти налаштувань з <filename>conf.d</filename> мають вищий пріоритет за "
+"<filename>sssd.conf</filename>, вони мають вищий пріоритет за <filename>sssd."
+"conf</filename>, якщо виникне конфлікт. Якщо у <filename>conf.d</filename> "
+"буде виявлено декілька фрагментів, їх буде включено за абеткою (на основі "
+"параметрів локалі). Файли, які включаються пізніше, мають вищий пріоритет. "
+"Числові префікси (<filename>01_фрагмент.conf</filename>, "
+"<filename>02_фрагмент.conf</filename> тощо) можуть допомогти у візуалізації "
+"пріоритетності (більше число означає вищу пріоритетність)."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd.conf.5.xml:91
@@ -277,6 +298,9 @@ msgid ""
 "The snippet files require the same owner and permissions as <filename>sssd."
 "conf</filename>. Which are by default root:root and 0600."
 msgstr ""
+"Файли фрагментів мають належати одному користувачеві і мати однакові права "
+"доступу із файлом <filename>sssd.conf</filename>. Типовим власником є root:"
+"root, а типовими правами доступу — 0600."
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd.conf.5.xml:98
@@ -302,10 +326,8 @@ msgstr "debug_level (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:112
-#, fuzzy
-#| msgid "debug_level (integer)"
 msgid "debug (integer)"
-msgstr "debug_level (ціле число)"
+msgstr "debug (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:115
@@ -315,6 +337,10 @@ msgid ""
 "are specified, the value of <replaceable>debug_level</replaceable> will be "
 "used."
 msgstr ""
+"У SSSD 1.14 і новіших версіях з міркувань зручності також передбачено "
+"альтернативний варіант <replaceable>debug</replaceable> для "
+"<replaceable>debug_level</replaceable>. Якщо вказано одразу обидва варіанти, "
+"буде використано варіант <replaceable>debug_level</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:125
@@ -332,11 +358,11 @@ msgstr ""
 "проігноровано."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr "Типове значення: true"
 
@@ -356,17 +382,19 @@ msgstr ""
 "journald, цей параметр буде проігноровано."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr "Типове значення: false"
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
 
@@ -382,21 +410,19 @@ msgstr "timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:162
-#, fuzzy
-#| msgid ""
-#| "Timeout in seconds between heartbeats for this service. This is used to "
-#| "ensure that the process is alive and capable of answering requests."
 msgid ""
 "Timeout in seconds between heartbeats for this service. This is used to "
 "ensure that the process is alive and capable of answering requests. Note "
 "that after three missed heartbeats the process will terminate itself."
 msgstr ""
 "Проміжок у секундах між циклами роботи цієї служби. Використовується для "
-"перевірки працездатності процесу та його змоги відповідати на запити."
+"перевірки працездатності процесу та його змоги відповідати на запити. "
+"Зауважте, що після трьох пропущених циклів процес перерве своє виконання "
+"самостійно."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr "Типове значення: 10"
 
@@ -411,7 +437,7 @@ msgid "The [sssd] section"
 msgstr "Розділ [sssd]"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr "Параметри розділу"
 
@@ -442,6 +468,10 @@ msgid ""
 "platforms where systemd is supported, as they will either be socket or dbus "
 "activated when needed.  </phrase>"
 msgstr ""
+"Список служб, відокремлених комами, які запускаються разом із sssd. <phrase "
+"condition=\"have_systemd\">Список служб є необов'язковим на платформах, де "
+"передбачено підтримку systemd, оскільки там такі служби вмикаються за "
+"допомогою сокетів або D-Bus.</phrase>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:214
@@ -463,14 +493,17 @@ msgid ""
 "and the administrator must enable the ones allowed to be used by executing: "
 "\"systemctl enable sssd-@service@.socket\".  </phrase>"
 msgstr ""
+"<phrase condition=\"have_systemd\">Типово усі служби вимкнено. Адміністратор "
+"має увімкнути дозволені до використання служби за допомогою такої команди: "
+"\"systemctl enable sssd-@service@.socket\".  </phrase>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr "reconnection_retries (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
@@ -480,7 +513,7 @@ msgstr ""
 "визнання подальших спроб безнадійними."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr "Типове значення: 3"
 
@@ -491,13 +524,6 @@ msgstr "domains"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:247
-#, fuzzy
-#| msgid ""
-#| "A domain is a database containing user information. SSSD can use more "
-#| "domains at the same time, but at least one must be configured or SSSD "
-#| "won't start.  This parameter described the list of domains in the order "
-#| "you want them to be queried.  A domain name should only consist of "
-#| "alphanumeric ASCII characters, dashes, dots and underscores."
 msgid ""
 "A domain is a database containing user information. SSSD can use more "
 "domains at the same time, but at least one must be configured or SSSD won't "
@@ -513,7 +539,7 @@ msgstr ""
 "ASCII, дефісів, крапок та знаків підкреслювання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr "re_expression (рядок)"
 
@@ -528,11 +554,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:267
-#, fuzzy
-#| msgid ""
-#| "Each domain can have an individual regular expression configured. For "
-#| "some ID providers there are also default regular expressions.  See DOMAIN "
-#| "SECTIONS for more info on these regular expressions."
 msgid ""
 "Each domain can have an individual regular expression configured. For some "
 "ID providers there are also default regular expressions. See DOMAIN SECTIONS "
@@ -544,12 +565,12 @@ msgstr ""
 "ДОМЕНІВ."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr "full_name_format (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -561,32 +582,32 @@ msgstr ""
 "домену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr "%1$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr "ім’я користувача"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr "%2$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr "назва домену у форматі, вказаному у файлі налаштувань SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr "%3$s"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
@@ -595,7 +616,7 @@ msgstr ""
 "Directory, налаштованих та автоматично виявлених за зв’язками довіри IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -709,6 +730,15 @@ msgid ""
 "permissions may result in a non-usable SSSD. The same may occur in case of "
 "changes of the user running the NSS responder.  </phrase>"
 msgstr ""
+"Користувач, до якого слід скинути права доступу, якщо це потрібно для "
+"уникнення запуску від імені користувача root. <phrase condition="
+"\"have_systemd\"> Цей параметр не спрацює, якщо запущено служби, які "
+"активуються сокетами, оскільки ім'я користувача для запуску налаштовується "
+"під час збирання. Параметри файлів модулів systemd можна перевизначити "
+"створенням відповідних файлів у /etc/systemd/system/. Слід пам'ятати, щоб "
+"будь-які зміни у параметрах користувача, групи чи прав доступу можуть "
+"призвести до непрацездатності SSSD. Те саме може статися, якщо змінити "
+"користувача, від імені якого запущено відповідач NSS.  </phrase>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:391
@@ -753,11 +783,11 @@ msgstr ""
 "use_fully_qualified_names рівним False."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr "Типове значення: not set"
@@ -802,15 +832,13 @@ msgstr "Типове значення: не встановлено (пробіл
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:448
-#, fuzzy
-#| msgid "ldap_user_certificate (string)"
 msgid "certificate_verification (string)"
-msgstr "ldap_user_certificate (рядок)"
+msgstr "certificate_verification (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:456
 msgid "no_ocsp"
-msgstr ""
+msgstr "no_ocsp"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:458
@@ -819,11 +847,14 @@ msgid ""
 "needed if the OCSP servers defined in the certificate are not reachable from "
 "the client."
 msgstr ""
+"Вимикає перевірки протоколу стану мережевої сертифікації (Online Certificate "
+"Status Protocol або OCSP). Це може знадобитися, якщо сервери OCSP, визначені "
+"у сертифікаті, є недоступними з клієнта."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:466
 msgid "no_verification"
-msgstr ""
+msgstr "no_verification"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:468
@@ -831,11 +862,13 @@ msgid ""
 "Disables verification completely.  This option should only be used for "
 "testing."
 msgstr ""
+"Повністю вимикає перевірку. Цим варіантом слід користуватися лише для "
+"тестування."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:474
 msgid "ocsp_default_responder=URL"
-msgstr ""
+msgstr "ocsp_default_responder=URL"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:476
@@ -844,17 +877,22 @@ msgid ""
 "mentioned in the certificate. URL must be replaced with the URL of the OCSP "
 "default responder e.g.  http://example.com:80/ocsp."
 msgstr ""
+"Встановлює типовий відповідач OCSP, який слід використовувати замість "
+"визначеного у сертифікаті. Адресу слід замінити адресою типового "
+"відповідача, наприклад http://example.com:80/ocsp."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:482
 msgid ""
 "This option must be used together with ocsp_default_responder_signing_cert."
 msgstr ""
+"Цей параметр слід використовувати разом із параметром "
+"ocsp_default_responder_signing_cert."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:490
 msgid "ocsp_default_responder_signing_cert=NAME"
-msgstr ""
+msgstr "ocsp_default_responder_signing_cert=НАЗВА"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:492
@@ -863,49 +901,45 @@ msgid ""
 "The certificate with the given nickname must be available in the systems NSS "
 "database."
 msgstr ""
+"Альтернативна назва сертифіката, якому слід довіряти (очікувано) для "
+"підписування відповідей OCSP. Сертифікат із вказаною альтернативною назвою "
+"має зберігатися у базі даних NSS системи."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:497
-#, fuzzy
-#| msgid "These options can be used to configure the InfoPipe responder."
 msgid "This option must be used together with ocsp_default_responder."
 msgstr ""
-"Цими параметрами можна скористатися для налаштовування відповідача InfoPipe."
+"Цим параметром слід користуватися разом із параметром ocsp_default_responder."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:451
-#, fuzzy
-#| msgid ""
-#| "Treat user and group names as case sensitive. At the moment, this option "
-#| "is not supported in the local provider. Possible option values are: "
-#| "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "With this parameter the certificate verification can be tuned with a comma "
 "separated list of options. Supported options are: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
-"Враховувати регістр записів імен користувачів та назв груп. У поточній "
-"версії підтримку передбачено лише для локальних надавачів даних. Можливі "
-"значення параметра: <placeholder type=\"variablelist\" id=\"0\"/>"
+"За допомогою цього параметра можна виконати тонке налаштовування перевірки "
+"сертифікатів на основі списку параметрів, відокремлених комами. Підтримувані "
+"параметри: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:504
 msgid "Unknown options are reported but ignored."
 msgstr ""
+"Обробник параметрів повідомлятиме про невідомі параметри і просто "
+"ігноруватиме їх."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:507
-#, fuzzy
-#| msgid "Default: not set, i.e. service discovery is disabled"
 msgid "Default: not set, i.e. do not restrict certificate verification"
-msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено"
+msgstr ""
+"Типове значення: не встановлено, тобто перевірка сертифікатів нічим не "
+"обмежуватиметься"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:513
-#, fuzzy
-#| msgid "ldap_disable_paging (boolean)"
 msgid "disable_netlink (boolean)"
-msgstr "ldap_disable_paging (булеве значення)"
+msgstr "disable_netlink (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:516
@@ -913,6 +947,8 @@ msgid ""
 "SSSD hooks into the netlink interface to monitor changes to routes, "
 "addresses, links and trigger certain actions."
 msgstr ""
+"Перехоплювачі SSSD у інтерфейсі netlink для стеження за змінами у маршрутах, "
+"адресах, посилання та виконання певних дій."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:521
@@ -920,20 +956,18 @@ msgid ""
 "The SSSD state changes caused by netlink events may be undesirable and can "
 "be disabled by setting this option to 'true'"
 msgstr ""
+"Зміни стану SSSD, спричинені подіями netlink, можуть бути небажаними, їх "
+"можна вимкнути встановленням для цього параметра значення «true»"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:526
-#, fuzzy
-#| msgid "Default: False (disabled)"
 msgid "Default: false (netlink changes are detected)"
-msgstr "Типове значення: False (вимкнено)"
+msgstr "Типове значення: false (виявлення змін у netlink)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:531
-#, fuzzy
-#| msgid "ad_enable_dns_sites (boolean)"
 msgid "enable_files_domain (boolean)"
-msgstr "ad_enable_dns_sites (булеве значення)"
+msgstr "enable_files_domain (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:534
@@ -941,11 +975,13 @@ msgid ""
 "When this option is enabled, SSSD prepends an implicit domain with "
 "<quote>id_provider=files</quote> before any explicitly configured domains."
 msgstr ""
+"Якщо цю можливість увімкнено, SSSD дописуватиме неявний домен із "
+"<quote>id_provider=files</quote> до усіх явним чином налаштованих доменів."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sssd.conf.5.xml:548
 msgid "domain_resolution_order"
-msgstr ""
+msgstr "domain_resolution_order"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sssd.conf.5.xml:551
@@ -957,9 +993,31 @@ msgid ""
 "subdomains which are not listed as part of <quote>lookup_order</quote> will "
 "be looked up in a random order for each parent domain."
 msgstr ""
+"Список доменів і піддоменів, відокремлених комами, який визначає порядок "
+"пошуку, який використовуватиметься. Список не обов'язково включатиме усі "
+"можливі домени, оскільки пошук у пропущених доменах відбуватиметься у "
+"порядку, у якому їх вказано у параметрі налаштування <quote>domains</quote>. "
+"Пошук у піддоменах, яких немає у списку <quote>lookup_order</quote>, "
+"відбуватиметься у випадковому порядку для кожного батьківського домену."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr "Типове значення: не встановлено"
@@ -981,12 +1039,12 @@ msgstr ""
 "профілів.  <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr "РОЗДІЛИ СЛУЖБ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -999,22 +1057,22 @@ msgstr ""
 "у розділі <quote>[nss]</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr "Загальні параметри налаштування служб"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr "fd_limit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -1030,22 +1088,17 @@ msgstr ""
 "цього параметра і обмеженням \"hard\" у  limits.conf."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr "Типове значення: 8192 (або обмеження у limits.conf \"hard\")"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr "client_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
-#, fuzzy
-#| msgid ""
-#| "This option specifies the number of seconds that a client of an SSSD "
-#| "process can hold onto a file descriptor without communicating on it. This "
-#| "value is limited in order to avoid resource exhaustion on the system."
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -1056,21 +1109,23 @@ msgstr ""
 "За допомогою цього параметра можна визначити кількість секунд, протягом яких "
 "клієнтська частина SSSD може утримувати дескриптор файла без здійснення за "
 "його допомогою обміну даними. Таке обмеження потрібне для того, щоб уникнути "
-"вичерпання ресурсів системи."
+"вичерпання ресурсів системи. Час очікування не може бути меншим за 10 "
+"секунд. Якщо у налаштуваннях вказано менше значення, його буде скориговано "
+"до 10 секунд."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr "Типове значення: 60"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr "offline_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -1082,12 +1137,12 @@ msgstr ""
 "значення вказується у секундах і обчислюється за такою формулою:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr "час_очікування_для_переходу_у_автономний_режим + випадковий_зсув"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
@@ -1097,12 +1152,12 @@ msgstr ""
 "таким чином:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr "новий_інтервал = старий_інтервал*2 + випадковий_зсув"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -1113,14 +1168,12 @@ msgstr ""
 "перевищує годину, буде встановлено інтервал у одну годину."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
-#, fuzzy
-#| msgid "client_idle_timeout"
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
-msgstr "client_idle_timeout"
+msgstr "responder_idle_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -1130,32 +1183,41 @@ msgid ""
 "built with systemd support and when services are either socket or dbus "
 "activated."
 msgstr ""
+"Цей параметр визначає кількість секунд, протягом яких процес відповідача "
+"SSSD може працювати без використання. Це значення обмежено з метою уникнення "
+"вичерпання ресурсів системи. Мінімальним прийнятним значенням для цього "
+"параметра є 60 секунд. Встановлення для цього параметра значення 0 (нуль) "
+"означає, що для відповідача не встановлюватиметься ніякого часу очікування. "
+"Цей параметр враховуватиметься, лише якщо SSSD зібрано з підтримкою systemd "
+"і якщо служби активуються за допомогою або сокетів або D-Bus."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr "Типове значення: 300"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
-msgstr ""
+msgstr "cache_first"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
+"Цей параметр визначає, чи слід відповідачеві опитати усі кеші до надсилання "
+"запису до модулів засобів надання даних."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr "Параметри налаштування NSS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
@@ -1163,12 +1225,12 @@ msgstr ""
 "Switch (NSS або перемикання служби визначення назв)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr "enum_cache_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
@@ -1177,17 +1239,17 @@ msgstr ""
 "кеші nss_sss у секундах"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr "Типове значення: 120"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr "entry_cache_nowait_percentage (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1198,7 +1260,7 @@ msgstr ""
 "entry_cache_timeout для домену період часу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1213,7 +1275,7 @@ msgstr ""
 "розблокування після оновлення кешу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1227,17 +1289,17 @@ msgstr ""
 "можливість."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr "Типове значення: 50"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr "entry_negative_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1248,83 +1310,75 @@ msgstr ""
 "даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr "Типове значення: 15"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
-#, fuzzy
-#| msgid "autofs_negative_timeout (integer)"
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
-msgstr "autofs_negative_timeout (ціле число)"
+msgstr "local_negative_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
-#, fuzzy
-#| msgid ""
-#| "Specifies for how many seconds nss_sss should cache negative cache hits "
-#| "(that is, queries for invalid database entries, like nonexistent ones)  "
-#| "before asking the back end again."
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
-"Визначає кількість секунд, протягом яких nss_sss має кешувати негативні "
-"результати пошуку у кеші (тобто запити щодо некоректних записів у базі "
-"даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
+"Визначає кількість секунд, протягом яких nss_sss має зберігати негативні "
+"результати пошуку у кеші користувачів і груп, перші ніж намагатися знову "
+"шукати їх за допомогою модуля надання даних."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr "Типове значення: 0"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr "filter_users, filter_groups (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
-#, fuzzy
-#| msgid ""
-#| "Exclude certain users from being fetched from the sss NSS database. This "
-#| "is particularly useful for system accounts. This option can also be set "
-#| "per-domain or include fully-qualified names to filter only users from the "
-#| "particular domain."
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
 "also be set per-domain or include fully-qualified names to filter only users "
 "from the particular domain."
 msgstr ""
-"Виключити певних користувачів зі списку отримання даних з бази даних NSS "
-"sss. Таке виключення може бути корисним для облікових записів керування "
-"системою. Цей параметр також можна встановлювати для кожного з доменів "
-"окремо або включити до нього імена користувачів повністю для обмеження "
-"списку користувачами лише з певного домену."
+"Виключити певних користувачів або групи зі списку отримання даних з бази "
+"даних NSS sss. Таке виключення може бути корисним для облікових записів "
+"керування системою. Цей параметр також можна встановлювати для кожного з "
+"доменів окремо або включити до нього імена користувачів повністю для "
+"обмеження списку користувачами лише з певного домену."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
 "NSS. E.g. a group having a member group filtered out will still have the "
 "member users of the latter listed."
 msgstr ""
+"ЗАУВАЖЕННЯ: параметр filter_groups не впливає на успадкованість вкладених "
+"записів групи, оскільки фільтрування відбувається після їх передавання для "
+"повернення за допомогою NSS. Наприклад, у списку групи, що містить вкладену "
+"групу, яку відфільтровано, залишатимуться записи користувачів "
+"відфільтрованої групи."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr "Типове значення: root"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr "filter_users_in_groups (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
@@ -1332,12 +1386,12 @@ msgstr ""
 "встановіть для цього параметра значення «false»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr "fallback_homedir (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
@@ -1346,7 +1400,7 @@ msgstr ""
 "каталог не вказано явним чином засобом надання даних домену."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
@@ -1354,7 +1408,7 @@ msgstr ""
 "для параметра override_homedir."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1364,25 +1418,25 @@ msgstr ""
 "                            "
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "приклад: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 "Типове значення: не встановлено (без замін для невстановлених домашніх "
 "каталогів)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr "override_shell (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1394,19 +1448,19 @@ msgstr ""
 "або для кожного з доменів окремо."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 "Типове значення: не встановлено (SSSD використовуватиме значення, отримане "
 "від LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr "allowed_shells (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
@@ -1414,13 +1468,13 @@ msgstr ""
 "визначення оболонки є таким:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 "1. Якщо оболонку вказано у <quote>/etc/shells</quote>, її буде використано."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
@@ -1430,7 +1484,7 @@ msgstr ""
 "shell_fallback."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
@@ -1439,14 +1493,14 @@ msgstr ""
 "<quote>/etc/shells</quote>, буде використано оболонку nologin."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 "Для визначення будь-якої командної оболонки можна скористатися шаблоном "
 "заміни (*)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1458,12 +1512,12 @@ msgstr ""
 "справою."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr "Порожній рядок оболонки буде передано без обробки до libc."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
@@ -1472,29 +1526,29 @@ msgstr ""
 "тобто у разі встановлення нової оболонки слід перезапустити SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 "Типове значення: не встановлено. Автоматично використовується оболонка "
 "користувача."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr "vetoed_shells (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr "Замінити всі записи цих оболонок на shell_fallback"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr "shell_fallback (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
@@ -1502,17 +1556,17 @@ msgstr ""
 "системі не встановлено."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr "Типове значення: /bin/sh"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr "default_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
@@ -1522,7 +1576,7 @@ msgstr ""
 "або на загальному рівні у розділі [nss], або окремо для кожного з доменів."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
@@ -1532,12 +1586,12 @@ msgstr ""
 "зазвичай /bin/sh)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr "get_domains_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
@@ -1546,16 +1600,12 @@ msgstr ""
 "чинним."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr "memcache_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
-#, fuzzy
-#| msgid ""
-#| "Specifies time in seconds for which records in the in-memory cache will "
-#| "be valid"
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
@@ -1564,33 +1614,22 @@ msgstr ""
 "чинним."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
-#, fuzzy
-#| msgid ""
-#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
-#| "applications will not use the fast in memory cache."
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
-"Якщо для змінної середовища SSS_NSS_USE_MEMCACHE встановлено значення «NO», "
-"клієнтські програми не використовуватимуть fast у кеші у пам’яті."
+"ЗАУВАЖЕННЯ: якщо для змінної середовища SSS_NSS_USE_MEMCACHE встановлено "
+"значення «NO», клієнтські програми не використовуватимуть fast у кеші у "
+"пам’яті."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr "user_attributes (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
-#, fuzzy
-#| msgid ""
-#| "Some of the additional NSS responder requests can return more attributes "
-#| "than just the POSIX ones defined by the NSS interface. The list of "
-#| "attributes is controlled by this option. It is handle the same way as the "
-#| "<quote>user_attributes</quote> option of the InfoPipe responder (see "
-#| "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for details) but with no default values."
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1607,7 +1646,7 @@ msgstr ""
 "manvolnum> </citerefentry>, щоб дізнатися більше), але без типових значень."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
@@ -1616,46 +1655,48 @@ msgstr ""
 "на те, чи не встановлено його для відповідача NSS."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 "Типове значення: не встановлено, резервне значення визначається за "
 "параметром InfoPipe"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
-msgstr "skel_dir (рядок)"
+msgstr "pwfield (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
+"Значення, яке повертають операції NSS, які повертають записи користувачів чи "
+"груп, для поля <quote>password</quote>."
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 "Значення цього параметра можна встановлювати для кожного з доменів окремо."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
+"Типове значення: <quote>*</quote> (віддалені домени) або <quote>x</quote> "
+"(файловий домен)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr "Параметри налаштування PAM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
@@ -1664,12 +1705,12 @@ msgstr ""
 "Authentication Module (PAM або блокового модуля розпізнавання)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr "offline_credentials_expiration (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
@@ -1679,17 +1720,17 @@ msgstr ""
 "входу до системи)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr "Типове значення: 0 (без обмежень)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr "offline_failed_login_attempts (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
@@ -1698,12 +1739,12 @@ msgstr ""
 "дозволену кількість спроб входу з визначенням помилкового пароля."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr "offline_failed_login_delay (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
@@ -1713,7 +1754,7 @@ msgstr ""
 "системи."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1725,17 +1766,17 @@ msgstr ""
 "увімкнути можливість автономного розпізнавання."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr "Типове значення: 5"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr "pam_verbosity (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
@@ -1744,114 +1785,128 @@ msgstr ""
 "розпізнавання. Чим більшим є значення, тим більше повідомлень буде показано."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr "У поточній версії sssd передбачено підтримку таких значень:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомлення"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr "<emphasis>2</emphasis>: показувати всі інформаційні повідомлення"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 "<emphasis>3</emphasis>: показувати всі повідомлення та діагностичні дані"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr "Типове значення: 1"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
-#, fuzzy
-#| msgid "pam_verbosity (integer)"
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
-msgstr "pam_verbosity (ціле число)"
+msgstr "pam_response_filter (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
+#, fuzzy
+#| msgid ""
+#| "A comma separated list of strings which allows to remove (filter) data "
+#| "send by the PAM responder to pam_sss PAM module. There are different kind "
+#| "of responses send to pam_sss e.g. messages displayed to the user or "
+#| "environment variables which should be set by pam_sss."
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
+"Список рядків, відокремлених комами, за допомогою якого можна вилучати "
+"(фільтрувати) дані, які надсилаються відповідачем PAM до модуля PAM pam_sss. "
+"Існують різні тип відповідей, які надсилаються до pam_sss, наприклад "
+"повідомлення, які показуються користувачеві, або змінні середовища, які слід "
+"встановлювати за допомогою pam_sss."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
+"Хоча повідомленнями вже можна керувати за допомогою параметра pam_verbosity, "
+"за допомогою цього параметра можна відфільтрувати також інші типи "
+"повідомлень."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
-msgstr ""
+msgstr "ENV"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
-msgstr ""
+#: sssd.conf.5.xml:1140
+#, fuzzy
+#| msgid "Do not sent any environment variables to any service."
+msgid "Do not send any environment variables to any service."
+msgstr "Не надсилати жодних змінних середовища до жодної служби."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
-msgstr ""
+msgstr "ENV:назва_змінної"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
-msgstr ""
+#: sssd.conf.5.xml:1144
+#, fuzzy
+#| msgid "Do not sent environment variable var_name to any service."
+msgid "Do not send environment variable var_name to any service."
+msgstr "Не надсилати змінної середовища назва_змінної до жодної служби."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
-msgstr ""
+msgstr "ENV:назва_змінної:служба"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
-msgstr ""
+#: sssd.conf.5.xml:1149
+#, fuzzy
+#| msgid "Do not sent environment variable var_name to service."
+msgid "Do not send environment variable var_name to service."
+msgstr "Не надсилати змінної середовища назва_змінної до вказаної служби."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
-"Передбачено використання таких замінників: <placeholder type=\"variablelist"
-"\" id=\"0\"/>"
+"У поточній версії передбачено підтримку таких фільтрів: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
-msgstr ""
+msgstr "Приклад: ENV:KRB5CCNAME:sudo-i"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr "pam_id_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1862,7 +1917,7 @@ msgstr ""
 "що розпізнавання виконується на основі найсвіжіших даних."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1876,18 +1931,18 @@ msgstr ""
 "надання даних профілів."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr "pam_pwd_expiration_warning (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr ""
 "Показати попередження за вказану кількість днів перед завершенням дії пароля."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1898,7 +1953,7 @@ msgstr ""
 "попередження."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
@@ -1908,7 +1963,7 @@ msgstr ""
 "буде автоматично показано."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
@@ -1917,17 +1972,12 @@ msgstr ""
 "<emphasis>pwd_expiration_warning</emphasis> для окремого домену."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr "pam_trusted_users (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
-#, fuzzy
-#| msgid ""
-#| "Specifies the comma-separated list of UID values or user names that are "
-#| "allowed to access the InfoPipe responder. User names are resolved to UIDs "
-#| "at startup."
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1935,20 +1985,21 @@ msgid ""
 "<quote>pam_public_domains</quote>.  User names are resolved to UIDs at "
 "startup."
 msgstr ""
-"Визначає список значень UID або імен користувачів, відокремлених комами. "
-"Користувачам з цього списку буде дозволено доступ до відповідача InfoPipe. "
-"UID за іменами користувачів визначатимуться під час запуску."
+"Визначає список відокремлених комами значень UID або імен користувачів, яким "
+"дозволено виконувати обмін даними PAM із довіреними доменами. Користувачі, "
+"яких не включено до цього списку, можуть отримувати доступ лише до доменів, "
+"які позначено як загальнодоступні (public) за допомогою "
+"<quote>pam_public_domains</quote>. Імена користувачів перетворюються на UID "
+"під час запуску системи."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
-#, fuzzy
-#| msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
-"Типове значення: all (Доступ до відповідача PAM отримують усі користувачі)"
+"Типове значення: типово усі користувачі вважаються надійними (довіреними)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
@@ -1957,12 +2008,12 @@ msgstr ""
 "відповідача PAM, навіть якщо користувача немає у списку pam_trusted_users."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr "pam_public_domains (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
@@ -1971,12 +2022,12 @@ msgstr ""
 "отримувати навіть ненадійні користувачі."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr "Визначено два спеціальних значення параметра pam_public_domains:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
@@ -1984,7 +2035,7 @@ msgstr ""
 "PAM.)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
@@ -1993,144 +2044,144 @@ msgstr ""
 "відповідачі.)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr "Типове значення: none"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr "pam_account_expired_message (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
+"Надає змогу встановити нетипове повідомлення щодо завершення строку дії, яке "
+"замінити типове повідомлення «Доступ заборонено» («Permission denied»)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
+"Зауваження: будь ласка, зверніть увагу на те, що повідомлення буде виведено "
+"для служби SSH, лише якщо pam_verbosity не встановлено у значення 3 "
+"(показувати усі повідомлення і діагностичні дані)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
-#, fuzzy, no-wrap
-#| msgid ""
-#| "pam_account_expired_message = Account expired, please call help desk.\n"
-#| "                            "
+#: sssd.conf.5.xml:1291
+#, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
 "                            "
 msgstr ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
-#, fuzzy
-#| msgid "pam_account_expired_message (string)"
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
-msgstr "pam_account_expired_message (рядок)"
+msgstr "pam_account_locked_message (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
+"Надає змогу встановити нетипове повідомлення щодо блокування, яке замінити "
+"типове повідомлення «Доступ заборонено» («Permission denied»)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
-#, fuzzy, no-wrap
-#| msgid ""
-#| "pam_account_expired_message = Account expired, please call help desk.\n"
-#| "                            "
+#: sssd.conf.5.xml:1310
+#, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
 "                            "
 msgstr ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_locked_message = Account locked, please contact help desk.\n"
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
-#, fuzzy
-#| msgid "enumerate (bool)"
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
-msgstr "enumerate (булеве значення)"
+msgstr "pam_cert_auth (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
 "authentication process this option is disabled by default."
 msgstr ""
+"Увімкнути сертифікацію на основі розпізнавання за смарткартками. Оскільки це "
+"потребує додаткового обміну даним із смарткарткою, що затримує процес "
+"розпізнавання, типово таку сертифікацію вимкнено."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr "Типове значення: False"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
-#, fuzzy
-#| msgid "krb5_confd_path (string)"
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
-msgstr "krb5_confd_path (рядок)"
+msgstr "pam_cert_db_path (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
+"Шлях до бази даних сертифікатів, яка містить модулі PKCS#11 для доступу до "
+"смарткартки."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
-msgstr ""
+msgstr "Типове значення: /etc/pki/nssdb (версія NSS)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
-msgstr "pam_id_timeout (ціле число)"
+msgstr "p11_child_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
+"Час у секундах, протягом якого pam_sss очікуватиме на завершення роботи "
+"p11_child."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
-#, fuzzy
-#| msgid "ad_gpo_map_service (string)"
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
-msgstr "ad_gpo_map_service (рядок)"
+msgstr "pam_app_services (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
+"Визначає, яким службам PAM дозволено встановлювати з'єднання із доменами "
+"типу <quote>application</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr "Параметри налаштування SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -2148,12 +2199,12 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr "sudo_timed (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
@@ -2161,23 +2212,40 @@ msgstr ""
 "Визначає, чи слід обробляти атрибути sudoNotBefore і sudoNotAfter, "
 "призначені для визначення часових обмежень для записів sudoers."
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+#, fuzzy
+#| msgid "ldap_deref_threshold (integer)"
+msgid "sudo_threshold (integer)"
+msgstr "ldap_deref_threshold (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr "Параметри налаштування AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr "Цими параметрами можна скористатися для налаштування служби autofs."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr "autofs_negative_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -2188,22 +2256,22 @@ msgstr ""
 "базі даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr "Параметри налаштувань SSH"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr "Цими параметрами можна скористатися для налаштування служби SSH."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr "ssh_hash_known_hosts (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
@@ -2211,12 +2279,12 @@ msgstr ""
 "Чи слід хешувати назви та адреси вузлів у керованому файлі known_hosts."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr "ssh_known_hosts_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
@@ -2225,47 +2293,36 @@ msgstr ""
 "файлі known_hosts після надсилання запиту щодо ключів вузла."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr "Типове значення: 180"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
-#, fuzzy
-#| msgid "mail_dir (string)"
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
-msgstr "mail_dir (рядок)"
+msgstr "ca_db (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
+"Шлях до сховища довірених сертифікатів CA. Параметр використовується для "
+"перевірки сертифікатів користувачів до отримання з них відкритих ключів ssh."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
-#, fuzzy
-#| msgid "Default: /etc/krb5.keytab"
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
-msgstr "Типове значення: /etc/krb5.keytab"
+msgstr "Типове значення: /etc/pki/nssdb"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr "Параметри налаштування відповідача PAC"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
-#, fuzzy
-#| msgid ""
-#| "The PAC responder works together with the authorization data plugin for "
-#| "MIT Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin "
-#| "sends the PAC data during a GSSAPI authentication to the PAC responder. "
-#| "The sub-domain provider collects domain SID and ID ranges of the domain "
-#| "the client is joined to and of remote trusted domains from the local "
-#| "domain controller.  If the PAC is decoded and evaluated some of the "
-#| "following operations are done:"
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -2283,15 +2340,7 @@ msgstr ""
 "декодовано і визначено, виконуються деякі з таких дій:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
-#, fuzzy
-#| msgid ""
-#| "If the remote user does not exist in the cache, it is created. The uid is "
-#| "determined with the help of the SID, trusted domains will have UPGs and "
-#| "the gid will have the same value as the uid. The home directory is set "
-#| "based on the subdomain_homedir parameter. The shell will be empty by "
-#| "default, i.e. the system defaults are used, but can be overwritten with "
-#| "the default_shell parameter."
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -2309,7 +2358,7 @@ msgstr ""
 "параметра default_shell."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
@@ -2318,18 +2367,18 @@ msgstr ""
 "додано до цих груп."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 "Цими параметрами можна скористатися для налаштовування відповідача PAC."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr "allowed_uids (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -2340,14 +2389,14 @@ msgstr ""
 "іменами користувачів визначатимуться під час запуску."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 "Типове значення: 0 (доступ до відповідача PAC має лише адміністративний "
 "користувач (root))"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -2361,93 +2410,252 @@ msgstr ""
 "запис 0."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
-#, fuzzy
-#| msgid "pam_id_timeout (integer)"
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
-msgstr "pam_id_timeout (ціле число)"
+msgstr "pac_lifetime (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
+"Строк дії запису PAC у секундах. Якщо PAC є чинним, дані PAC можна "
+"використовувати для визначення членства користувача у групі."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+#, fuzzy
+#| msgid "PAC responder configuration options"
+msgid "Session recording configuration options"
+msgstr "Параметри налаштування відповідача PAC"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of the AD provider for "
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
+#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page."
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+"На цій сторінці довідника описано налаштування засобу керування доступом AD "
+"для <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис налаштування, "
+"зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure session recording."
+msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+#, fuzzy
+#| msgid "user (string)"
+msgid "scope (string)"
+msgstr "user (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+#, fuzzy
+#| msgid "none"
+msgid "\"none\""
+msgstr "none"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+#, fuzzy
+#| msgid "Show user overrides."
+msgid "No users are recorded."
+msgstr "Показати перевизначення користувача."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+#, fuzzy
+#| msgid ""
+#| "Append this user to groups specified by the <replaceable>GROUPS</"
+#| "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter "
+#| "is a comma separated list of group names."
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+"Додати запис користувача до груп, вказаних за допомогою параметра "
+"<replaceable>ГРУПИ</replaceable>. Параметр <replaceable>ГРУПИ</replaceable> "
+"є списком груп, відокремлених комами."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+#, fuzzy
+#| msgid ""
+#| "The following expansions are supported: <placeholder type=\"variablelist"
+#| "\" id=\"0\"/>"
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+"Передбачено використання таких замінників: <placeholder type=\"variablelist"
+"\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+#, fuzzy
+#| msgid "Default: none"
+msgid "Default: \"none\""
+msgstr "Типове значення: none"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+#, fuzzy
+#| msgid "user (string)"
+msgid "users (string)"
+msgstr "user (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+#, fuzzy
+#| msgid "Default: empty, i.e. ldap_uri is used."
+msgid "Default: Empty. Matches no users."
+msgstr "Типове значення: порожнє, тобто використовується ldap_uri."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+#, fuzzy
+#| msgid "user (string)"
+msgid "groups (string)"
+msgstr "user (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr "РОЗДІЛИ ДОМЕНІВ"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
-#, fuzzy
-#| msgid "ad_domain (string)"
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
-msgstr "ad_domain (рядок)"
+msgstr "domain_type (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
 "be present or generated. Only objects from POSIX domains are available to "
 "the operating system interfaces and utilities."
 msgstr ""
+"Визначає, чи призначено домен для використання клієнтами у стандарті POSIX, "
+"зокрема NSS, або програмами, які не потребують наявності або створення даних "
+"POSIX. Інтерфейсам та інструментам операційних систем доступні лише об'єкти "
+"з доменів POSIX."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
+"Дозволеними значеннями цього параметра є <quote>posix</quote> і "
+"<quote>application</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
-#, fuzzy
-#| msgid ""
-#| "Specifies acceptable cipher suites.  Typically this is a colon separated "
-#| "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-#| "<manvolnum>5</manvolnum></citerefentry> for format."
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
 "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>) and the PAM responder."
 msgstr ""
-"Визначає прийнятні комплекти програм для шифрування. Записи у типовому "
-"списку слід відокремлювати комами. З форматом можна ознайомитися на сторінці "
-"довідника до <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry>."
+"Домени POSIX доступні для усіх служб. Домени програм доступні лише з "
+"відповідача InfoPipe (див. <citerefentry> <refentrytitle>sssd-ifp</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) і відповідача PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
+"ЗАУВАЖЕННЯ: належне тестування у поточній версії виконано лише для доменів "
+"application з <quote>id_provider=ldap</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
+"Щоб ознайомитися із простим способом налаштовування не-POSIX доменів, будь "
+"ласка, ознайомтеся із розділом <quote>Домени програм</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
-#, fuzzy
-#| msgid "Default: posixGroup"
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
-msgstr "Типове значення: posixGroup"
+msgstr "Типове значення: posix"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr "min_id,max_id (ціле значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
@@ -2456,7 +2664,7 @@ msgstr ""
 "відповідає цим обмеженням, його буде проігноровано."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2469,7 +2677,7 @@ msgstr ""
 "основної групи і належать діапазону, буде виведено у звичайному режимі."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
@@ -2478,17 +2686,17 @@ msgstr ""
 "лише повернення записів за назвою або ідентифікатором."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr "enumerate (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
@@ -2497,22 +2705,22 @@ msgstr ""
 "значень:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr "TRUE = користувачі і групи нумеруються"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr "FALSE = не використовувати нумерацію для цього домену"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr "Типове значення: FALSE"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2531,7 +2739,7 @@ msgstr ""
 "повторне визначення параметрів участі також іноді є складним завданням."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
@@ -2541,7 +2749,7 @@ msgstr ""
 "завершено."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2555,7 +2763,7 @@ msgstr ""
 "відповідного використаного засобу обробки ідентифікаторів (id_provider)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
@@ -2564,32 +2772,32 @@ msgstr ""
 "об’ємних середовищах."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr "subdomain_enumerate (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr "all"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr "Усі виявлені надійні домени буде пронумеровано"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr "none"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr "Нумерація виявлених надійних доменів не виконуватиметься"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2602,12 +2810,12 @@ msgstr ""
 "доменів, для яких буде увімкнено нумерацію."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr "entry_cache_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
@@ -2616,7 +2824,7 @@ msgstr ""
 "надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2633,17 +2841,17 @@ msgstr ""
 "<manvolnum>8</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr "Типове значення: 5400"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr "entry_cache_user_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
@@ -2652,19 +2860,19 @@ msgstr ""
 "чинними, перш ніж надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr "Типове значення: entry_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr "entry_cache_group_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
@@ -2673,12 +2881,12 @@ msgstr ""
 "ніж надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr "entry_cache_netgroup_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
@@ -2687,12 +2895,12 @@ msgstr ""
 "чинними, перш ніж надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr "entry_cache_service_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
@@ -2701,12 +2909,12 @@ msgstr ""
 "ніж надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr "entry_cache_sudo_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
@@ -2715,12 +2923,12 @@ msgstr ""
 "надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr "entry_cache_autofs_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
@@ -2729,12 +2937,12 @@ msgstr ""
 "чинними, перш ніж надсилати повторний запит до сервера"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr "entry_cache_ssh_host_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
@@ -2744,12 +2952,12 @@ msgstr ""
 "вузла у кеші."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr "refresh_expired_interval (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
@@ -2759,7 +2967,7 @@ msgstr ""
 "вичерпано або майже вичерпано."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
@@ -2767,47 +2975,42 @@ msgstr ""
 "груп та мережевих груп у кеші."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 "Варто визначити для цього параметра значення 3/4 * entry_cache_timeout."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr "Типове значення: 0 (вимкнено)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr "cache_credentials (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 "Визначає, чи слід також кешувати реєстраційні дані користувача у локальному "
 "кеші LDB"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 "Реєстраційні дані користувача зберігаються у форматі хешу SHA512, а не у "
 "форматі звичайного тексту"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr "cache_credentials_minimal_first_factor_length (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
-#, fuzzy
-#| msgid ""
-#| "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
-#| "this value determines the minimal lenght the first authentication factor "
-#| "(long term password) must have to be saved as SHA512 hash into the cache."
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2819,7 +3022,7 @@ msgstr ""
 "контрольної суми SHA512 у кеші."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
@@ -2829,17 +3032,17 @@ msgstr ""
 "мішенню атак із перебиранням паролів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr "Типове значення: 8"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr "account_cache_expiration (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2852,17 +3055,17 @@ msgstr ""
 "offline_credentials_expiration."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr "Типове значення: 0 (без обмежень)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr "pwd_expiration_warning (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2875,17 +3078,17 @@ msgstr ""
 "даних розпізнавання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr "Типове значення: 7 (Kerberos), 0 (LDAP)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr "id_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
@@ -2893,17 +3096,17 @@ msgstr ""
 "Серед підтримуваних засобів такі:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr "«proxy»: підтримка застарілого модуля надання даних NSS"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr "<quote>local</quote>: вбудований засіб SSSD для локальних користувачів"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2914,8 +3117,8 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2928,8 +3131,8 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2941,12 +3144,12 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr "use_fully_qualified_names (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
@@ -2956,7 +3159,7 @@ msgstr ""
 "NSS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2969,7 +3172,7 @@ msgstr ""
 "не покаже користувача, а <command>getent passwd test@LOCAL</command> покаже."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2980,22 +3183,22 @@ msgstr ""
 "груп, якщо задано неповну назву, буде виконано пошук у всіх доменах."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr "Типове значення: FALSE (TRUE, якщо використано default_domain_suffix)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr "ignore_group_members (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr "Не повертати записи учасників груп для пошуків груп."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -3014,7 +3217,7 @@ msgstr ""
 "$groupname</quote> поверне запитану групу так, наче вона була порожня."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -3025,12 +3228,12 @@ msgstr ""
 "учасників."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr "auth_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
@@ -3039,7 +3242,7 @@ msgstr ""
 "служб розпізнавання:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3051,7 +3254,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3063,18 +3266,18 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr "<quote>none</quote> — вимкнути розпізнавання повністю."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
@@ -3083,12 +3286,12 @@ msgstr ""
 "спосіб встановлено і можлива обробка запитів щодо розпізнавання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr "access_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -3099,7 +3302,7 @@ msgstr ""
 "Вбудованими програмами є:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
@@ -3108,12 +3311,12 @@ msgstr ""
 "доступу для локального домену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr "<quote>deny</quote> — завжди забороняти доступ."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -3126,43 +3329,36 @@ msgstr ""
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
-#, fuzzy
-#| msgid ""
-#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> for more information on configuring Kerberos."
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
 "citerefentry> for more information on configuring Kerberos."
 msgstr ""
-"<quote>krb5</quote> — вбудоване розпізнавання Kerberos. Докладніші відомості "
-"щодо налаштовування Kerberos викладено у довіднику з <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum></manvolnum> </"
-"citerefentry>."
+"<quote>krb5</quote> — керування доступом на основі .k5login. Докладніші "
+"відомості щодо налаштовування Kerberos викладено у довіднику з "
+"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum></"
+"manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
-#, fuzzy
-#| msgid ""
-#| "<quote>proxy</quote> for relaying password changes to some other PAM "
-#| "target."
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
-msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM."
+msgstr ""
+"<quote>proxy</quote> — для трансляції керування доступом до іншого модуля "
+"PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr "Типове значення: <quote>permit</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr "chpass_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
@@ -3171,12 +3367,7 @@ msgstr ""
 "підтримку таких систем зміни паролів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
-#, fuzzy
-#| msgid ""
-#| "<quote>ldap</quote> to change a password stored in a LDAP server.  See "
-#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring LDAP."
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -3188,7 +3379,7 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3200,18 +3391,18 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
@@ -3220,19 +3411,19 @@ msgstr ""
 "цього параметра і якщо система здатна обробляти запити щодо паролів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr "sudo_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 "Служба SUDO, яку використано для цього домену. Серед підтримуваних служб "
 "SUDO:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3244,7 +3435,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
@@ -3253,7 +3444,7 @@ msgstr ""
 "параметрами IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
@@ -3262,20 +3453,20 @@ msgstr ""
 "параметрами AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr "<quote>none</quote> явним чином вимикає SUDO."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 "Типове значення: використовується значення <quote>id_provider</quote>, якщо "
 "його встановлено."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -3294,12 +3485,12 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr "selinux_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -3310,7 +3501,7 @@ msgstr ""
 "доступу. Передбачено підтримку таких засобів надання даних SELinux:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3322,14 +3513,14 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 "<quote>none</quote> явним чином забороняє отримання даних щодо параметрів "
 "SELinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
@@ -3338,12 +3529,12 @@ msgstr ""
 "спосіб встановлено і можлива обробка запитів щодо завантаження SELinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr "subdomains_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
@@ -3353,7 +3544,7 @@ msgstr ""
 "підтримку таких засобів надання даних піддоменів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3365,7 +3556,7 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -3378,17 +3569,56 @@ msgstr ""
 "налаштовування засобу надання даних AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr "<quote>none</quote> забороняє ячним чином отримання даних піддоменів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+#, fuzzy
+#| msgid "selinux_provider (string)"
+msgid "session_provider (string)"
+msgstr "selinux_provider (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+#, fuzzy
+#| msgid ""
+#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
+#| "selinux loading requests."
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+"Типове значення: буде використано <quote>id_provider</quote>, якщо цей "
+"спосіб встановлено і можлива обробка запитів щодо завантаження SELinux."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr "autofs_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
@@ -3396,7 +3626,7 @@ msgstr ""
 "autofs:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3408,7 +3638,7 @@ msgstr ""
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3420,34 +3650,29 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
-#, fuzzy
-#| msgid ""
-#| "<quote>ipa</quote> to load maps stored in an IPA server. See "
-#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring IPA."
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry> for more information on configuring the AD provider."
 msgstr ""
-"<quote>ipa</quote> — завантажити карти, що зберігається на сервері IPA. "
-"Докладніші відомості щодо налаштовування IPA викладено у довіднику з "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></"
-"manvolnum> </citerefentry>."
+"<quote>ad</quote> — завантажити карти, що зберігаються на сервері AD. Див. "
+"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>, щоб дізнатися більше про налаштовування засобу "
+"надання даних AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr "<quote>none</quote> вимикає autofs повністю."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr "hostid_provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
@@ -3456,7 +3681,7 @@ msgstr ""
 "вузла. Серед підтримуваних засобів надання hostid:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -3468,12 +3693,12 @@ msgstr ""
 "manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr "<quote>none</quote> вимикає hostid повністю."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -3487,7 +3712,7 @@ msgstr ""
 "IPA та доменів Active Directory, простій назві (NetBIOS) домену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -3500,22 +3725,22 @@ msgstr ""
 "різні стилі запису імен користувачів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr "користувач"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr "користувач@назва.домену"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr "домен\\користувач"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
@@ -3524,7 +3749,7 @@ msgstr ""
 "того, щоб полегшити інтеграцію користувачів з доменів Windows."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -3535,7 +3760,7 @@ msgstr ""
 "домену — все після цього символу."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -3547,7 +3772,7 @@ msgstr ""
 "платформах з версією libpcre 7."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
@@ -3557,17 +3782,17 @@ msgstr ""
 "підшаблонів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr "Типове значення: <quote>%1$s@%2$s</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr "lookup_family_order (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
@@ -3576,70 +3801,83 @@ msgstr ""
 "під час виконання пошуків у DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr "Передбачено підтримку таких значень:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 "ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі "
 "спробувати формат IPv6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 "ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 "ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі "
 "спробувати формат IPv4"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 "ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr "Типове значення: ipv4_first"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr "dns_resolver_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
+#, fuzzy
+#| msgid ""
+#| "Defines the amount of time (in seconds) to wait for a reply from the DNS "
+#| "resolver before assuming that it is unreachable. If this timeout is "
+#| "reached, the domain will continue to operate in offline mode."
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
 msgstr ""
 "Визначає кількість часу (у секундах) очікування відповіді від засобу "
 "визначення адрес DNS, перш ніж засіб буде визначено недоступним. Якщо час "
 "очікування буде перевищено, домен продовжуватиме роботу у автономному режимі."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2643
+msgid ""
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr "Типове значення: 6"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr "dns_discovery_domain (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
@@ -3648,54 +3886,54 @@ msgstr ""
 "частину запиту визначення служб DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 "Типова поведінка: використовувати назву домену з назви вузла комп’ютера."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr "override_gid (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr "Замірити значення основного GID на вказане."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr "case_sensitive (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr "True"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 "Враховується регістр. Це значення є некоректним для засобу надання даних AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr "False"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr "Без врахування регістру."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr "Preserving"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -3707,7 +3945,7 @@ msgstr ""
 "буде переведено у нижній регістр."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -3718,17 +3956,17 @@ msgstr ""
 "значення параметра: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr "Типове значення: True (False для засобу надання даних AD)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr "subdomain_inherit (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -3740,34 +3978,36 @@ msgstr ""
 "параметрів:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr "ignore_group_members"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr "ldap_purge_cache_timeout"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr "ldap_use_tokengroups"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr "ldap_user_principal"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
+"ldap_krb5_keytab (значення krb5_keytab буде використано, якщо "
+"ldap_krb5_keytab не встановлено явним чином)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3777,34 +4017,33 @@ msgstr ""
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "Приклад: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
-#, fuzzy
-#| msgid "This option is not available in IPA provider."
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
-msgstr "Цим параметром не можна скористатися у надавачі даних IPA."
+msgstr ""
+"Зауваження: цей параметр працює лише для засобів надання даних IPA і AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr "subdomain_homedir (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr "%F"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr "спрощена (NetBIOS) назва піддомену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3819,7 +4058,7 @@ msgstr ""
 "emphasis>.  <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
@@ -3827,17 +4066,17 @@ msgstr ""
 "emphasis>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr "Типове значення: <filename>/home/%d/%u</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr "realmd_tags (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
@@ -3845,35 +4084,39 @@ msgstr ""
 "домену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
-#, fuzzy
-#| msgid "memcache_timeout (int)"
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
-msgstr "memcache_timeout (ціле число)"
+msgstr "cached_auth_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
 "the online mode."
 msgstr ""
+"Визначає час у секундах з моменту останнього успішного розпізнавання у "
+"мережі, для якого користувача буде розпізнано за допомогою кешованих "
+"реєстраційних даних, доки SSSD перебуває у режимі «у мережі»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
-msgstr ""
+msgstr "Спеціальне значення 0 означає, що цю можливість вимкнено."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
 "<quote>initgroups.</quote>"
 msgstr ""
+"Будь ласка, зауважте, що якщо <quote>cached_auth_timeout</quote> має більше "
+"значення за <quote>pam_id_timeout</quote>, модуль може бути викликано для "
+"обробки <quote>initgroups</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3884,17 +4127,17 @@ msgstr ""
 "quote> <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr "proxy_pam_target (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr "Комп’ютер, для якого виконує проксі-сервер PAM."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
@@ -3903,12 +4146,12 @@ msgstr ""
 "налаштуваннями pam або створити нові і тут додати назву служби."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr "proxy_lib_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3919,12 +4162,12 @@ msgstr ""
 "наприклад _nss_files_getpwent."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr "proxy_fast_alias (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3939,22 +4182,24 @@ msgstr ""
 "у кеші, щоб пришвидшити надання результатів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
-#, fuzzy
-#| msgid "min_id,max_id (integer)"
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
-msgstr "min_id,max_id (ціле значення)"
+msgstr "proxy_max_children (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
 "slots, which would cause some issues due to the requests being queued."
 msgstr ""
+"Цей параметр визначає кількість попередньо розгалужених дочірніх проксі. Він "
+"корисний для високонавантажених середовищ SSSD, де sssd може вичерпати "
+"кількість доступних дочірніх слотів, що може спричинити деякі вади через "
+"використання черги запитів."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
@@ -3963,12 +4208,12 @@ msgstr ""
 "\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
-msgstr ""
+msgstr "Домени програм (application)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3983,51 +4228,76 @@ msgid ""
 "<quote>application</quote> optionally inherits settings from a tradition "
 "SSSD domain."
 msgstr ""
+"SSSD, з його інтерфейсом D-Bus (див. <citerefentry> <refentrytitle>sssd-ifp</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) є привабливим для "
+"програм як шлюз до каталогу LDAP, де зберігаються дані користувачів і груп. "
+"Втім, на відміну від традиційного формату роботи SSSD, де усі користувачі і "
+"групи або мають атрибути POSIX, або ці атрибути може бути успадковано з SID "
+"Windows, у багатьох випадках користувачі і групи у сценарії підтримки роботи "
+"програм не мають атрибутів POSIX. Замість визначення розділу <quote>[domain/"
+"<replaceable>НАЗВА</replaceable>]</quote> адміністратор може визначити "
+"розділ <quote>[application/<replaceable>НАЗВА</replaceable>]</quote>, який "
+"на внутрішньому рівні представляє домен типу <quote>application</quote>, "
+"який може успадковувати параметр з традиційного домену SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
 "application domain and its POSIX sibling domain is set correctly."
 msgstr ""
+"Будь ласка, зауважте, що домен програм має так само явним чином увімкнено у "
+"параметрі <quote>domains</quote>, отже порядок пошуку між доменом програм і "
+"його доменом-близнюком у POSIX має бути встановлено належним чином."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
-#, fuzzy
-#| msgid "Section parameters"
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
-msgstr "Параметри розділу"
+msgstr "Параметри доменів програм"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
-#, fuzzy
-#| msgid "subdomain_inherit (string)"
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
-msgstr "subdomain_inherit (рядок)"
+msgstr "inherit_from (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
 "application settings that augment or override the <quote>sibling</quote> "
 "domain settings."
 msgstr ""
+"Домен типу POSIX SSSD, з якого домен програм успадковує усі параметри. Далі, "
+"домен програм поже додавати власні параметри до параметрів програми, які "
+"розширюють або перевизначають параметри домену-<quote>близнюка</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
+#, fuzzy
+#| msgid ""
+#| "The following example illustrates the use of an application domain. In "
+#| "this setup, the POSIX domain is connected to an LDAP server and is used "
+#| "by the OS through the NSS responder. In addition, the application domains "
+#| "also requests the telephoneNumber attribute, stores it as the phone "
+#| "attribute in the cache and makes the phone attribute reachable through "
+#| "the D-Bus interface."
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
+"У наведеному нижче прикладі проілюстровано використання домену програм. У "
+"цій конфігурації домен POSIX з'єднано із сервером LDAP, він використовується "
+"операційною системою через відповідач NSS. Крім того, домен програм також "
+"надсилає запит щодо атрибута telephoneNumber, зберігає його як атрибут phone "
+"у кеші і робить атрибут phone доступним через інтерфейс D-Bus."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4045,14 +4315,28 @@ msgid ""
 "inherit_from = posixdom\n"
 "ldap_user_extra_attrs = phone:telephoneNumber\n"
 msgstr ""
+"[sssd]\n"
+"domains = appdom, posixdom\n"
+"\n"
+"[ifp]\n"
+"user_attributes = +phone\n"
+"\n"
+"[domain/posixdom]\n"
+"id_provider = ldap\n"
+"ldap_uri = ldap://ldap.example.com\n"
+"ldap_search_base = dc=example,dc=com\n"
+"\n"
+"[application/appdom]\n"
+"inherit_from = posixdom\n"
+"ldap_user_extra_attrs = phone:telephoneNumber\n"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr "Розділ локального домену"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -4063,29 +4347,29 @@ msgstr ""
 "використовує <replaceable>id_provider=local</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr "default_shell (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 "Типова оболонка для записів користувачів, створених за допомогою "
 "інструментів простору користувачів SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr "Типове значення: <filename>/bin/bash</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr "base_directory (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
@@ -4094,17 +4378,17 @@ msgstr ""
 "replaceable> і використовують отриману адресу як адресу домашнього каталогу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr "Типове значення: <filename>/home</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr "create_homedir (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
@@ -4113,17 +4397,17 @@ msgstr ""
 "Може бути перевизначено з командного рядка."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr "Типове значення: TRUE"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr "remove_homedir (булівське значення)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
@@ -4132,12 +4416,12 @@ msgstr ""
 "користувачів. Може бути перевизначено з командного рядка."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr "homedir_umask (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -4148,17 +4432,17 @@ msgstr ""
 "до щойно створеного домашнього каталогу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr "Типове значення: 077"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr "skel_dir (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -4171,17 +4455,17 @@ msgstr ""
 "<manvolnum>8</manvolnum> </citerefentry>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr "Типове значення: <filename>/etc/skel</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr "mail_dir (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -4192,17 +4476,17 @@ msgstr ""
 "каталог не вказано, буде використано типове значення."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr "Типове значення: <filename>/var/mail</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr "userdel_cmd (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -4213,102 +4497,100 @@ msgstr ""
 "вилучається. Код виконання, повернутий програмою не обробляється."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr "Типове значення: None, не виконувати жодних команд"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
-#, fuzzy
-#| msgid "DOMAIN SECTIONS"
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
-msgstr "РОЗДІЛИ ДОМЕНІВ"
+msgstr "РОЗДІЛ ДОВІРЕНИХ ДОМЕНІВ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
+#, fuzzy
+#| msgid ""
+#| "Some options used in the domain section can also be used in the trusted "
+#| "domain section, that is, in a section called <quote>[domain/"
+#| "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
+#| "replaceable>]</quote>.  Currently supported options in the trusted domain "
+#| "section are:"
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
+"Деякі параметри, які використовуються у розділі домену, можна також "
+"використовувати у розділі довіреного домену, тобто у розділі, який "
+"називається <quote>[domain/<replaceable>НАЗВА_ДОМЕНУ</replaceable>/"
+"<replaceable>НАЗВА_ДОВІРЕНОГО_ДОМЕНУ</replaceable>]</quote>. У поточній "
+"версії підтримуваними параметрами у розділі довіреного домену є такі "
+"параметри:"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
-#, fuzzy
-#| msgid "ldap_search_base (string)"
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
-msgstr "ldap_search_base (рядок)"
+msgstr "ldap_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
-#, fuzzy
-#| msgid "ldap_user_search_base (string)"
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
-msgstr "ldap_user_search_base (рядок)"
+msgstr "ldap_user_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
-#, fuzzy
-#| msgid "ldap_group_search_base (string)"
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
-msgstr "ldap_group_search_base (рядок)"
+msgstr "ldap_group_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
-#, fuzzy
-#| msgid "ldap_netgroup_search_base (string)"
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
-msgstr "ldap_netgroup_search_base (рядок)"
+msgstr "ldap_netgroup_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
-#, fuzzy
-#| msgid "ldap_service_search_base (string)"
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
-msgstr "ldap_service_search_base (рядок)"
+msgstr "ldap_service_search_base,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
-msgstr ""
+msgstr "ad_server,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
-#, fuzzy
-#| msgid "ad_server, ad_backup_server (string)"
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
-msgstr "ad_server, ad_backup_server (рядок)"
+msgstr "ad_backup_server,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
-msgstr ""
+msgstr "ad_site,"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
-#, fuzzy
-#| msgid "use_fully_qualified_names (bool)"
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
-msgstr "use_fully_qualified_names (булеве значення)"
+msgstr "use_fully_qualified_names"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
+"Докладніший опис цих параметрів можна знайти у окремих описах на сторінці "
+"підручника."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
-msgstr "ПРИКЛАД"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
+msgstr "ПРИКЛАДИ"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -4362,9 +4644,15 @@ msgstr ""
 "enumerate = False\n"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
+#, fuzzy
+#| msgid ""
+#| "The following example shows a typical SSSD config. It does not describe "
+#| "configuration of the domains themselves - refer to documentation on "
+#| "configuring domains for more details.  <placeholder type=\"programlisting"
+#| "\" id=\"0\"/>"
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
@@ -4373,6 +4661,25 @@ msgstr ""
 "не наведено, — щоб дізнатися більше про неї, ознайомтеся з документацією "
 "щодо налаштовування доменів.  <placeholder type=\"programlisting\" id=\"0\"/>"
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -4395,7 +4702,7 @@ msgstr ""
 "На цій сторінці довідника описано налаштування доменів LDAP для "
 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
 "</citerefentry>. Щоб дізнатися більше про синтаксис налаштування, зверніться "
-"до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> "
+"до розділу «ФОРМАТ ФАЙЛА» сторінки довідника <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>."
 
@@ -4428,7 +4735,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr "ПАРАМЕТРИ НАЛАШТУВАННЯ"
 
@@ -4453,7 +4760,7 @@ msgstr ""
 "служб. Докладніші відомості можна знайти у розділі «ПОШУК СЛУЖБ»."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr "Формат адреси має відповідати формату, що визначається RFC 2732:"
 
@@ -4748,7 +5055,7 @@ msgstr "Атрибут LDAP, що відповідає назві обліков
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:270
 msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
-msgstr ""
+msgstr "Типове значення: uid (rfc2307, rfc2307bis і IPA), sAMAccountName (AD)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:277
@@ -4776,16 +5083,14 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgstr "Атрибут LDAP, що відповідає ідентифікатору основної групи користувача."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr "Типове значення: gidNumber"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:303
-#, fuzzy
-#| msgid "ldap_user_principal (string)"
 msgid "ldap_user_primary_group (string)"
-msgstr "ldap_user_principal (рядок)"
+msgstr "ldap_user_primary_group (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:306
@@ -4794,11 +5099,15 @@ msgid ""
 "attribute should only be set manually if you are running the <quote>ldap</"
 "quote> provider with ID mapping."
 msgstr ""
+"Атрибут основної групи Active Directory для встановлення відповідності "
+"ідентифікатора. Зауважте, що цей атрибут слід встановлювати вручну, лише "
+"якщо ви користуєтеся засобом надання даних <quote>ldap</quote> з прив'язкою "
+"до ідентифікаторів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:312
 msgid "Default: unset (LDAP), primaryGroupID (AD)"
-msgstr ""
+msgstr "Типове значення: unset (LDAP), primaryGroupID (AD)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:318
@@ -4857,7 +5166,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта користувача LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -4880,7 +5189,7 @@ msgstr ""
 "потрібен лише для серверів ActiveDirectory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 "Типове значення: objectSid для ActiveDirectory, не встановлено для інших "
@@ -4892,7 +5201,7 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr "ldap_user_modify_timestamp (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
@@ -4901,7 +5210,7 @@ msgstr ""
 "об’єкта."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr "Типове значення: modifyTimestamp"
 
@@ -5368,8 +5677,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr "Атрибут LDAP, що відповідає повному імені користувача."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr "Типове значення: cn"
 
@@ -5472,116 +5781,168 @@ msgstr "Типове значення: host"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
+#, fuzzy
+#| msgid "ldap_user_authorized_host (string)"
+msgid "ldap_user_authorized_rhost (string)"
+msgstr "ldap_user_authorized_host (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:836
+#, fuzzy
+#| msgid ""
+#| "If access_provider=ldap and ldap_access_order=host, SSSD will use the "
+#| "presence of the host attribute in the user's LDAP entry to determine "
+#| "access privilege."
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+"Якщо access_provider=ldap і ldap_access_order=host, SSSD використовуватиме "
+"наявність атрибута host у записі користувача LDAP для визначення прав "
+"доступу."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:843
+#, fuzzy
+#| msgid ""
+#| "An explicit deny (!host) is resolved first. Second, SSSD searches for "
+#| "explicit allow (host) and finally for allow_all (*)."
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
+msgstr ""
+"Спочатку визначаються явні заборони (!host). Далі SSSD шукає явні дозволи "
+"(host) і нарешті загальні дозволи або allow_all (*)."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+#, fuzzy
+#| msgid ""
+#| "Please note that the ldap_access_order configuration option "
+#| "<emphasis>must</emphasis> include <quote>host</quote> in order for the "
+#| "ldap_user_authorized_host option to work."
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+"Будь ласка, зауважте, що параметр налаштування ldap_access_order "
+"<emphasis>має</emphasis> включати <quote>host</quote>, щоб можна було "
+"скористатися параметром ldap_user_authorized_host."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+#, fuzzy
+#| msgid "Default: host"
+msgid "Default: rhost"
+msgstr "Типове значення: host"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:861
 msgid "ldap_user_certificate (string)"
 msgstr "ldap_user_certificate (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:864
 msgid "Name of the LDAP attribute containing the X509 certificate of the user."
 msgstr "Назва атрибута LDAP, що містить сертифікат X509 користувача."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
+#: sssd-ldap.5.xml:868
 #, fuzzy
-#| msgid "Default: no set in the general case, userCertificate for IPA"
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
-msgstr ""
-"Типове значення: не встановлено у загальному випадку, userCertificate для IPA"
+#| msgid "ldap_user_certificate = userCertificate;binary"
+msgid "Default: userCertificate;binary"
+msgstr "ldap_user_certificate = userCertificate;binary"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
-#, fuzzy
-#| msgid "ldap_user_shell (string)"
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
-msgstr "ldap_user_shell (рядок)"
+msgstr "ldap_user_email (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
-#, fuzzy
-#| msgid ""
-#| "Name of the LDAP attribute containing the X509 certificate of the user."
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
-msgstr "Назва атрибута LDAP, що містить сертифікат X509 користувача."
+msgstr ""
+"Назва атрибута LDAP, який містить адресу електронної пошти користувача."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-#, fuzzy
-#| msgid "Default: false"
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
-msgstr "Типове значення: false"
+msgstr "Типове значення: mail"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr "ldap_group_object_class (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr "Клас об’єктів запису групи у LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr "Типове значення: posixGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr "ldap_group_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr "Атрибут LDAP, що відповідає назві групи."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
-msgstr ""
+msgstr "Типове значення: cn (rfc2307, rfc2307bis і IPA), sAMAccountName (AD)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr "ldap_group_gid_number (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr "Атрибут LDAP, що відповідає ідентифікатору групи."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr "ldap_group_member (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr "Атрибут LDAP, у якому містяться імена учасників групи."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr "Типове значення: memberuid (rfc2307) / member (rfc2307bis)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr "ldap_group_uuid (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта групи LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr "ldap_group_objectsid (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
@@ -5590,17 +5951,17 @@ msgstr ""
 "лише для серверів ActiveDirectory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr "ldap_group_modify_timestamp (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr "ldap_group_type (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
@@ -5609,7 +5970,7 @@ msgstr ""
 "можливо, інші прапорці."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -5620,44 +5981,41 @@ msgstr ""
 "відфільтровано у списку надійних (довірених) доменів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
-#, fuzzy
-#| msgid "Default: groupType in the AD provider, othewise not set"
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
 "Типове значення: groupType у засобі надання даних AD, у інших засобах не "
 "встановлено"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
-#, fuzzy
-#| msgid "ldap_group_member (string)"
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
-msgstr "ldap_group_member (рядок)"
+msgstr "ldap_group_external_member (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
+"Атрибут LDAP, який посилається на записи учасників групи, які визначено у "
+"зовнішньому домені. У поточній версії передбачено підтримку лише зовнішніх "
+"записів учасників IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
-#, fuzzy
-#| msgid "Default: groupType in the AD provider, othewise not set"
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
-"Типове значення: groupType у засобі надання даних AD, у інших засобах не "
-"встановлено"
+"Типове значення: ipaExternalMember у засобі надання даних IPA, у інших "
+"засобах не визначено."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr "ldap_group_nesting_level (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -5669,7 +6027,7 @@ msgstr ""
 "параметра буде проігноровано, якщо використано схему RFC2307."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -5685,13 +6043,7 @@ msgstr ""
 "початкового пошуку, якщо запити щодо пошуку надходять повторно."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-#, fuzzy
-#| msgid ""
-#| "If ldap_group_nesting_level is set to 0 then no nested groups are "
-#| "processed at all. However, when connected to Active-Directory Server 2008 "
-#| "and later it is furthermore required to disable usage of Token-Groups by "
-#| "setting ldap_use_tokengroups to false."
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -5701,22 +6053,23 @@ msgid ""
 msgstr ""
 "Якщо значенням ldap_group_nesting_level є 0, вкладені групи взагалі не "
 "оброблятимуться. Втім, якщо з’єднання встановлено з Active-Directory Server "
-"2008 та новішими версіями, слід також вимкнути використання груп "
-"реєстраційних записів (Token-Groups) встановленням для параметра "
-"ldap_use_tokengroups значення false."
+"2008 та новішими версіями з використанням <quote>id_provider=ad</quote>, "
+"слід також вимкнути використання груп реєстраційних записів (Token-Groups) "
+"встановленням для параметра ldap_use_tokengroups значення false з метою "
+"обмеження вкладеності у групах."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr "Типове значення: 2"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr "ldap_groups_use_matching_rule_in_chain"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -5728,7 +6081,7 @@ msgstr ""
 "високим рівнем вкладеності."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
@@ -5737,7 +6090,7 @@ msgstr ""
 "можна буде спостерігати лише у дуже складних випадках вкладеності груп."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -5748,7 +6101,7 @@ msgstr ""
 "можливості. Отже, насправді значення «True» означає «визначити автоматично»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -5761,12 +6114,12 @@ msgstr ""
 "windows/desktop/aa746475%28v=vs.85%29.aspx\">документації MSDN(TM)</ulink>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr "ldap_initgroups_use_matching_rule_in_chain"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -5779,7 +6132,7 @@ msgstr ""
 "вкладеності."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
@@ -5789,115 +6142,115 @@ msgstr ""
 "Directory Server 2008 та новіших версій."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr "Типове значення: True для AD і IPA, інакше False."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr "ldap_netgroup_object_class (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr "Клас об’єктів запису мережевої групи (netgroup) у LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr "У надавачі даних IPA має бути використано ipa_netgroup_object_class."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr "Типове значення: nisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr "ldap_netgroup_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr "Атрибут LDAP, що відповідає назві мережевої групи (netgroup)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr "У надавачі даних IPA має бути використано ipa_netgroup_name."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr "ldap_netgroup_member (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr ""
 "Атрибут LDAP, у якому містяться імена учасників мережевої групи (netgroup)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr "У надавачі даних IPA має бути використано ipa_netgroup_member."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr "Типове значення: memberNisNetgroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr "ldap_netgroup_triple (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
 "Атрибут LDAP, що містить трійки мережевої групи (вузол, користувач, домен)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr "Цим параметром не можна скористатися у надавачі даних IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr "Типове значення: nisNetgroupTriple"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr "ldap_netgroup_modify_timestamp (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr "ldap_service_object_class (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr "Клас об’єктів запису служби у LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr "Типове значення: ipService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr "ldap_service_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
@@ -5905,48 +6258,48 @@ msgstr ""
 "Атрибут LDAP, що містить назву атрибутів служби та замінників цих атрибутів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr "ldap_service_port (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr "Атрибут LDAP, що містить номер порту, яким керує ця служба."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr "Типове значення: ipServicePort"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr "ldap_service_proto (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr "Атрибут LDAP, що містить протоколи, за яким може працювати ця служба."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr "Типове значення: ipServiceProtocol"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr "ldap_service_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr "ldap_search_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -5957,7 +6310,7 @@ msgstr ""
 "автономного режиму роботи)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -5968,12 +6321,12 @@ msgstr ""
 "окремих типів пошуків."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr "ldap_enumeration_search_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -5984,12 +6337,12 @@ msgstr ""
 "кешованих даних (і переходом до автономного режиму роботи)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr "ldap_network_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -6006,12 +6359,12 @@ msgstr ""
 "citerefentry> повертається до стану бездіяльності."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr "ldap_opt_timeout (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -6025,12 +6378,12 @@ msgstr ""
 "розширеної операції зі зміни пароля та дії StartTLS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr "ldap_connection_expire_timeout (ціле значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -6044,17 +6397,17 @@ msgstr ""
 "дії TGT)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr "Типове значення: 900 (15 хвилин)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr "ldap_page_size (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
@@ -6064,17 +6417,17 @@ msgstr ""
 "один запит."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr "Типове значення: 1000"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr "ldap_disable_paging (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -6085,7 +6438,7 @@ msgstr ""
 "RootDSE, але цю підтримку не увімкнено або вона не працює належним чином."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
@@ -6095,7 +6448,7 @@ msgstr ""
 "підтримкою не можна скористатися."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -6106,17 +6459,17 @@ msgstr ""
 "це може призвести до відмови у виконанні запитів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr "ldap_disable_range_retrieval (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr "Вимкнути отримання діапазону Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -6132,12 +6485,12 @@ msgstr ""
 "буде представлено як такі, у яких немає учасників."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr "ldap_sasl_minssf (ціле значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -6148,19 +6501,19 @@ msgstr ""
 "параметра визначається OpenLDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 "Типове значення: типове для системи значення (зазвичай, визначається у ldap."
 "conf)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr "ldap_deref_threshold (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -6172,7 +6525,7 @@ msgstr ""
 "виконуватиметься окремо."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
@@ -6180,7 +6533,7 @@ msgstr ""
 "(розіменуванням), якщо вкажете значення 0."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -6193,7 +6546,7 @@ msgstr ""
 "OpenLDAP та Active Directory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -6204,12 +6557,12 @@ msgstr ""
 "незалежно від використання цього параметра."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr "ldap_tls_reqcert (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
@@ -6219,7 +6572,7 @@ msgstr ""
 "таких значень:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
@@ -6228,7 +6581,7 @@ msgstr ""
 "жодних сертифікатів сервера."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6240,7 +6593,7 @@ msgstr ""
 "режимі."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -6251,7 +6604,7 @@ msgstr ""
 "надано помилковий сертифікат, негайно перервати сеанс."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -6262,22 +6615,22 @@ msgstr ""
 "перервати сеанс."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr "Типове значення: hard"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr "ldap_tls_cacert (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
@@ -6286,7 +6639,7 @@ msgstr ""
 "розпізнаються <command>sssd</command>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
@@ -6295,12 +6648,12 @@ msgstr ""
 "у <filename>/etc/openldap/ldap.conf</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr "ldap_tls_cacertdir (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -6313,32 +6666,32 @@ msgstr ""
 "<command>cacertdir_rehash</command>, якщо ця програма є доступною."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr "ldap_tls_cert (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr "Визначає файл, який містить сертифікат для ключа клієнта."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr "ldap_tls_key (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr "Визначає файл, у якому міститься ключ клієнта."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr "ldap_tls_cipher_suite (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -6350,12 +6703,12 @@ msgstr ""
 "<manvolnum>5</manvolnum></citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr "ldap_id_use_start_tls (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
@@ -6364,12 +6717,12 @@ msgstr ""
 "class=\"protocol\">tls</systemitem> для захисту каналу."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr "ldap_id_mapping (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -6381,21 +6734,19 @@ msgstr ""
 "ldap_group_gid_number."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 "У поточній версії у цій можливості передбачено підтримку лише встановлення "
 "відповідності objectSID у ActiveDirectory."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
-#, fuzzy
-#| msgid "ldap_min_id, ldap_max_id (interger)"
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr "ldap_min_id, ldap_max_id (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -6415,18 +6766,18 @@ msgstr ""
 "ідентифікаторів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 "Типове значення: не встановлено (обидва параметри встановлено у значення 0)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr "ldap_sasl_mech (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
@@ -6435,12 +6786,12 @@ msgstr ""
 "перевірено і підтримується лише механізм GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr "ldap_sasl_authid (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -6455,17 +6806,17 @@ msgstr ""
 "myhost)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr "Типове значення: вузол/назва_вузла@ОБЛАСТЬ"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr "ldap_sasl_realm (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -6477,17 +6828,17 @@ msgstr ""
 "проігноровано."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr "Типове значення: значення krb5_realm."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr "ldap_sasl_canonicalize (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
@@ -6497,34 +6848,34 @@ msgstr ""
 "SASL."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr "Типове значення: false;"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr "ldap_krb5_keytab (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr "Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 "Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5."
 "keytab</filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr "ldap_krb5_init_creds (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -6535,27 +6886,27 @@ msgstr ""
 "механізм GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr "ldap_krb5_ticket_lifetime (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr "Визначає строк дії (у секундах) TGT, якщо використовується GSSAPI."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr "Типове значення: 86400 (24 години)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr "krb5_server, krb5_backup_server (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -6574,7 +6925,7 @@ msgstr ""
 "про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -6586,7 +6937,7 @@ msgstr ""
 "вдасться знайти."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -6597,29 +6948,29 @@ msgstr ""
 "варто перейти на використання «krb5_server» у файлах налаштувань."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr "krb5_realm (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr "Вказати область Kerberos (для розпізнавання за SASL/GSSAPI)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 "Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</"
 "filename>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr "krb5_canonicalize (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -6629,12 +6980,12 @@ msgstr ""
 "версії MIT Kerberos >= 1.7"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr "krb5_use_kdcinfo (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -6649,7 +7000,7 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -6660,12 +7011,12 @@ msgstr ""
 "manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr "ldap_pwd_policy (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
@@ -6674,7 +7025,7 @@ msgstr ""
 "використовувати такі значення:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
@@ -6683,7 +7034,7 @@ msgstr ""
 "разі використання цього варіанта перевірку на боці сервера вимкнено не буде."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -6694,7 +7045,7 @@ msgstr ""
 "manvolnum></citerefentry> для визначення того, чи чинним є пароль."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -6705,7 +7056,7 @@ msgstr ""
 "скористайтеся chpass_provider=krb5 для оновлення цих атрибутів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
@@ -6715,18 +7066,18 @@ msgstr ""
 "встановленими за допомогою цього параметра."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr "ldap_referrals (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 "Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
@@ -6735,7 +7086,7 @@ msgstr ""
 "з версією OpenLDAP 2.4.13 або новішою версією."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -6749,28 +7100,28 @@ msgstr ""
 "«false» може значно пришвидшити роботу."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr "ldap_dns_service_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 "Визначає назву служби, яку буде використано у разі вмикання визначення служб."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr "Типове значення: ldap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr "ldap_chpass_dns_service_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
@@ -6779,17 +7130,17 @@ msgstr ""
 "уможливлює зміну паролів, у разі вмикання визначення служб."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr "ldap_chpass_update_last_change (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
@@ -6798,12 +7149,12 @@ msgstr ""
 "щодо кількості днів з часу виконання дії зі зміни пароля."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr "ldap_access_filter (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -6832,12 +7183,12 @@ msgstr ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr "Приклад:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -6849,7 +7200,7 @@ msgstr ""
 "                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
@@ -6858,13 +7209,7 @@ msgstr ""
 "employeeType встановлено у значення «admin»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
-#, fuzzy
-#| msgid ""
-#| "Offline caching for this feature is limited to determining whether the "
-#| "user's last online login was granted access permission. If they were "
-#| "granted access during their last login, they will continue to be granted "
-#| "access while offline and vice-versa."
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -6878,17 +7223,17 @@ msgstr ""
 "таких прав не було надано, у автономному режимі їх також не буде надано."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr "Типове значення: порожній рядок"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr "ldap_account_expire_policy (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
@@ -6897,7 +7242,7 @@ msgstr ""
 "керування доступом на боці клієнта."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -6908,12 +7253,12 @@ msgstr ""
 "з відповідним кодом помилки, навіть якщо вказано правильний пароль."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr "Можна використовувати такі значення:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
@@ -6922,7 +7267,7 @@ msgstr ""
 "визначити, чи завершено строк дії облікового запису."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -6935,7 +7280,7 @@ msgstr ""
 "Також буде перевірено, чи не вичерпано строк дії облікового запису."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6946,7 +7291,7 @@ msgstr ""
 "ldap_ns_account_lock."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6959,7 +7304,7 @@ msgstr ""
 "атрибутів, надати доступ."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -6970,24 +7315,24 @@ msgstr ""
 "користуватися параметром ldap_account_expire_policy."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr "ldap_access_order (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 "Список відокремлених комами параметрів керування доступом. Можливі значення "
 "списку:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -7002,7 +7347,7 @@ msgstr ""
 "для працездатності цієї можливості слід встановити «access_provider = ldap»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
@@ -7012,7 +7357,7 @@ msgstr ""
 "emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -7035,13 +7380,13 @@ msgstr ""
 "параметра слід встановити значення «access_provider = ldap»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 "<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -7056,7 +7401,7 @@ msgstr ""
 "наприклад на ключах SSH."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -7071,7 +7416,7 @@ msgstr ""
 "негайно змінити пароль."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
@@ -7079,7 +7424,7 @@ msgstr ""
 "від SSSD не надходитиме."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
@@ -7089,7 +7434,7 @@ msgstr ""
 "параметра «ldap_pwd_policy» відповідні правила поводження із паролями."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
@@ -7098,19 +7443,38 @@ msgstr ""
 "можливості доступу атрибут authorizedService"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 "<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити "
 "права доступу"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+#, fuzzy
+#| msgid ""
+#| "<emphasis>host</emphasis>: use the host attribute to determine access"
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+"<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити "
+"права доступу"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr "Типове значення: filter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
@@ -7119,12 +7483,12 @@ msgstr ""
 "використано декілька разів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr "ldap_pwdlockout_dn (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -7138,22 +7502,22 @@ msgstr ""
 "можна буде перевірити належним чином."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr "Приклад: cn=ppolicy,ou=policies,dc=example,dc=com"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr "Типове значення: cn=ppolicy,ou=policies,$ldap_search_base"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr "ldap_deref (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
@@ -7162,13 +7526,13 @@ msgstr ""
 "пошуку. Можливі такі варіанти:"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 "<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
@@ -7178,7 +7542,7 @@ msgstr ""
 "пошуку."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
@@ -7187,7 +7551,7 @@ msgstr ""
 "під час визначення місця основного об’єкта пошуку."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
@@ -7196,7 +7560,7 @@ msgstr ""
 "час пошуку, так і під час визначення місця основного об’єкта пошуку."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
@@ -7205,12 +7569,12 @@ msgstr ""
 "сценарієм <emphasis>never</emphasis>)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr "ldap_rfc2307_fallback_to_local_users (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
@@ -7219,7 +7583,7 @@ msgstr ""
 "серверів, у яких використовується схема RFC2307."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -7237,7 +7601,7 @@ msgstr ""
 "користувачів за допомогою виклику getpw*() або initgroups()."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -7249,28 +7613,32 @@ msgstr ""
 "групами LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
 #, fuzzy
-#| msgid "ldap_opt_timeout (integer)"
-msgid "wildcart_limit (integer)"
-msgstr "ldap_opt_timeout (ціле число)"
+#| msgid "wildcart_limit (integer)"
+msgid "wildcard_limit (integer)"
+msgstr "wildcart_limit (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
+"Визначає верхню межу для кількості записів, які отримуватимуться під час "
+"пошуку з використанням символів-замінників."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
+"У поточній версії пошук із використанням символів-замінників передбачено "
+"лише для відповідача InfoPipe."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
-msgstr ""
+msgstr "Типове значення: 1000 (часто розмір однієї сторінки)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ldap.5.xml:51
@@ -7288,12 +7656,12 @@ msgstr ""
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr "ПАРАМЕТРИ SUDO"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -7304,52 +7672,52 @@ msgstr ""
 "<manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr "ldap_sudorule_object_class (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr "Клас об’єктів запису правила sudo у LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr "Типове значення: sudoRole"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr "ldap_sudorule_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr "Атрибут LDAP, що відповідає назві правила sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr "ldap_sudorule_command (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr "Атрибут LDAP, що відповідає назві команди."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr "Типове значення: sudoCommand"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr "ldap_sudorule_host (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
@@ -7358,17 +7726,17 @@ msgstr ""
 "вузла, мережевій групі вузла)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr "Типове значення: sudoHost"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr "ldap_sudorule_user (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
@@ -7377,32 +7745,32 @@ msgstr ""
 "або назві мережевої групи користувача)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr "Типове значення: sudoUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr "ldap_sudorule_option (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr "Атрибут LDAP, що відповідає параметрам sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr "Типове значення: sudoOption"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr "ldap_sudorule_runasuser (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
@@ -7411,17 +7779,17 @@ msgstr ""
 "команди."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr "Типове значення: sudoRunAsUser"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr "ldap_sudorule_runasgroup (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
@@ -7430,17 +7798,17 @@ msgstr ""
 "виконувати команди."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr "Типове значення: sudoRunAsGroup"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr "ldap_sudorule_notbefore (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
@@ -7448,49 +7816,49 @@ msgstr ""
 "Атрибут LDAP, що відповідає даті і часу набуття чинності правилом sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr "Типове значення: sudoNotBefore"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr "ldap_sudorule_notafter (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
 msgstr "Атрибут LDAP, що відповідає даті і часу втрати чинності правилом sudo."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr "Типове значення: sudoNotAfter"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr "ldap_sudorule_order (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr "Атрибут LDAP, що відповідає порядковому номеру правила."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr "Типове значення: sudoOrder"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr "ldap_sudo_full_refresh_interval (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
@@ -7500,7 +7868,7 @@ msgstr ""
 "набір правил, що зберігаються на сервері."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
@@ -7509,17 +7877,17 @@ msgstr ""
 "<emphasis>ldap_sudo_smart_refresh_interval </emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr "Типове значення: 21600 (6 годин)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr "ldap_sudo_smart_refresh_interval (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -7530,7 +7898,7 @@ msgstr ""
 "правил, USN яких перевищує найбільше значення USN у кешованих правилах."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
@@ -7539,12 +7907,12 @@ msgstr ""
 "дані атрибута modifyTimestamp."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr "ldap_sudo_use_host_filter (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -7554,12 +7922,12 @@ msgstr ""
 "назв вузлів)."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr "ldap_sudo_hostnames (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
@@ -7568,7 +7936,7 @@ msgstr ""
 "фільтрування списку правил."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
@@ -7577,8 +7945,8 @@ msgstr ""
 "назву вузла та повну назву комп’ютера у домені у автоматичному режимі."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
@@ -7587,17 +7955,17 @@ msgstr ""
 "<emphasis>false</emphasis>, цей параметр ні на що не впливатиме."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr "Типове значення: не вказано"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr "ldap_sudo_ip (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
@@ -7606,7 +7974,7 @@ msgstr ""
 "правил."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
@@ -7615,12 +7983,12 @@ msgstr ""
 "адресу у автоматичному режимі."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr "ldap_sudo_include_netgroups (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
@@ -7629,12 +7997,12 @@ msgstr ""
 "мережеву групу (netgroup) у атрибуті sudoHost."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr "ldap_sudo_include_regexp (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
@@ -7643,7 +8011,7 @@ msgstr ""
 "заміни у атрибуті sudoHost."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -7656,93 +8024,97 @@ msgstr ""
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr "ПАРАМЕТРИ AUTOFS"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
+"Деякі типові значення параметрів, описаних нижче, залежать від бази даних "
+"LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr "ldap_autofs_map_master_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr "Назва основної карти автоматичного монтування у LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr "Типове значення: auto.master"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr "ldap_autofs_map_object_class (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr "Клас об’єктів запису карти автоматичного монтування у LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
+"Типове значення: nisMap (rfc2307, autofs_provider=ad), у інших випадках "
+"automountMap"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr "ldap_autofs_map_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr "Назва запису карти автоматичного монтування у LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
+"Типове значення: nisMapName (rfc2307, autofs_provider=ad), у інших випадках "
+"automountMapName"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr "ldap_autofs_entry_object_class (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
-#, fuzzy
-#| msgid ""
-#| "The key of an automount entry in LDAP. The entry usually corresponds to a "
-#| "mount point."
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
-"Ключ запису автоматичного монтування LDAP. Цей запис зазвичай відповідає "
+"Клас об'єктів автоматичного монтування LDAP. Цей запис зазвичай відповідає "
 "точні монтування."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
+"Типове значення: nisObject (rfc2307, autofs_provider=ad), у інших випадках "
+"automount"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr "ldap_autofs_entry_key (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
@@ -7751,24 +8123,28 @@ msgstr ""
 "точні монтування."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
+"Типове значення: cn (rfc2307, autofs_provider=ad), у інших випадках "
+"automountKey"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr "ldap_autofs_entry_value (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
+"Типове значення: nisMapEntry (rfc2307, autofs_provider=ad), у інших випадках "
+"automountInformation"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -7781,66 +8157,66 @@ msgstr ""
 "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr "ДОДАТКОВІ ПАРАМЕТРИ"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr "ldap_netgroup_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr "ldap_user_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr "ldap_group_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr "<note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 #, fuzzy
 #| msgid ""
 #| "If the option <quote>ldap_use_tokengroups</quote> is enabled. The "
 #| "searches against Active Directory will not be restricted and return all "
-#| "groups memberships, even with no gid mapping. It is recommended to "
+#| "groups memberships, even with no GID mapping. It is recommended to "
 #| "disable this feature, if group names are not being displayed correctly."
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
-"Якщо увімкнено параметр «ldap_use_tokengroup», пошук у Active Directory не "
-"буде обмежуватися і повертатиме усі дані щодо участі у групах, навіть без "
-"прив’язки до gid. Рекомендуємо вимкнути цю можливість, якщо назви груп "
-"показуються неправильно."
+"Якщо увімкнено параметр <quote>ldap_use_tokengroups</quote>, пошуки в Active "
+"Directory не буде обмежено — він повертатиме усі дані щодо участі у групах, "
+"навіть без прив'язки до GID. Рекомендуємо вимкнути цю можливість, якщо назви "
+"груп показуються неправильно."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr "</note>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr "ldap_sudo_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr "ldap_autofs_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -7852,8 +8228,15 @@ msgstr ""
 "відомі наслідки ваших дій. <placeholder type=\"variablelist\" id=\"0\"/> "
 "<placeholder type=\"variablelist\" id=\"1\"/>"
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr "ПРИКЛАД"
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -7864,7 +8247,7 @@ msgstr ""
 "<replaceable>[domains]</replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7884,19 +8267,20 @@ msgstr ""
 "cache_credentials = true\n"
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr "ПРИКЛАД ФІЛЬТРА ДОСТУПУ LDAP"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
@@ -7905,7 +8289,7 @@ msgstr ""
 "чином і використано ldap_access_order=lockout."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -7931,13 +8315,13 @@ msgstr ""
 "cache_credentials = true\n"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr "ЗАУВАЖЕННЯ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7961,17 +8345,6 @@ msgstr "модуль PAM для SSSD"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: pam_sss.8.xml:22
-#, fuzzy
-#| msgid ""
-#| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-#| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-#| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> "
-#| "</arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> "
-#| "</arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</"
-#| "replaceable> </arg> <arg choice='opt'> <replaceable>domains=X</"
-#| "replaceable> </arg>"
 msgid ""
 "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
 "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
@@ -7991,7 +8364,9 @@ msgstr ""
 "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
 "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
 "arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>prompt_always</replaceable> </arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: pam_sss.8.xml:58
@@ -8148,10 +8523,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:166
-#, fuzzy
-#| msgid "<option>domains</option>"
 msgid "<option>allow_missing_name</option>"
-msgstr "<option>domains</option>"
+msgstr "<option>allow_missing_name</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:170
@@ -8159,6 +8532,8 @@ msgid ""
 "The main purpose of this option is to let SSSD determine the user name based "
 "on additional information, e.g. the certificate from a Smartcard."
 msgstr ""
+"Основним призначенням цього параметра є надання SSSD змоги визначати ім'я "
+"користувача на основі додаткових даних, наприклад сертифіката зі смарткартки."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
 #: pam_sss.8.xml:180
@@ -8167,6 +8542,8 @@ msgid ""
 "auth sufficient pam_sss.so allow_missing_name\n"
 "                        "
 msgstr ""
+"auth sufficient pam_sss.so allow_missing_name\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:175
@@ -8178,13 +8555,18 @@ msgid ""
 "the content of the Smartcard, returns it to pam_sss which will finally put "
 "it on the PAM stack."
 msgstr ""
+"Поточним основним призначенням є засоби керування входом до системи, які "
+"можуть спостерігати за подіями обробки карток на засобі читання смарткарток. "
+"Щойно буде вставлено смарткартку, засіб керування входом до системи викличе "
+"стос PAM, до якого включено рядок, подібний до <placeholder type="
+"\"programlisting\" id=\"0\"/> Якщо SSSD спробує визначити ім'я користувача "
+"на основі вмісту смарткартки, повертає його до pam_sss, який, нарешті, "
+"передасть його стосу PAM."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: pam_sss.8.xml:190
-#, fuzzy
-#| msgid "<option>domains</option>"
 msgid "<option>prompt_always</option>"
-msgstr "<option>domains</option>"
+msgstr "<option>prompt_always</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: pam_sss.8.xml:194
@@ -8195,6 +8577,12 @@ msgid ""
 "SSSD pam_sss might prompt for a password, a Smartcard PIN or other "
 "credentials."
 msgstr ""
+"Завжди запитувати у користувача реєстраційні дані. Якщо використано цей "
+"параметр, реєстраційні дані, запит на які надійшов від інших модулів PAM, "
+"типово, пароль, буде проігноровано, а pam_sss надсилатиме запит щодо "
+"реєстраційних даних знову. На основі відповіді на попереднє розпізнавання "
+"від SSSD pam_sss може надіслати запит щодо пароля, пін-коду смарткартки або "
+"інших реєстраційних даних."
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: pam_sss.8.xml:207
@@ -8336,17 +8724,14 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd_krb5_locator_plugin.8.xml:73
-#, fuzzy
-#| msgid ""
-#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-#| "debug messages will be sent to stderr."
 msgid ""
 "If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value "
 "the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the "
 "caller."
 msgstr ""
-"Якщо встановлено будь-яке значення змінної середовища "
-"SSSD_KRB5_LOCATOR_DEBUG, діагностичні повідомлення надсилатимуться до stderr."
+"Якщо встановлено будь-яке значення для змінної середовища "
+"SSSD_KRB5_LOCATOR_DISABLE, додаток буде вимкнено і поверне функції виклику "
+"лише KRB5_PLUGIN_NO_HANDLE."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-simple.5.xml:10 sssd-simple.5.xml:16
@@ -8371,7 +8756,7 @@ msgstr ""
 "На цій сторінці довідника описано налаштування простого засобу керування "
 "доступом для <citerefentry> <refentrytitle>sssd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис "
-"налаштування, зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника "
+"налаштування, зверніться до розділу «ФОРМАТ ФАЙЛА» сторінки довідника "
 "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>."
 
@@ -8549,12 +8934,12 @@ msgstr ""
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss-certmap.5.xml:10 sss-certmap.5.xml:16
 msgid "sss-certmap"
-msgstr ""
+msgstr "sss-certmap"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss-certmap.5.xml:17
 msgid "SSSD Certificate Matching and Mapping Rules"
-msgstr ""
+msgstr "Правила встановлення відповідності і прив'язування сертифікатів SSSD"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss-certmap.5.xml:23
@@ -8562,6 +8947,9 @@ msgid ""
 "The manual page describes the rules which can be used by SSSD and other "
 "components to match X.509 certificates and map them to accounts."
 msgstr ""
+"На цій сторінці підручника описано правила, якими можна скористатися у SSSD "
+"та інших компонентах для встановлення відповідності сертифікатів X.509 та "
+"прив'язування їх до облікових записів."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss-certmap.5.xml:28
@@ -8576,24 +8964,43 @@ msgid ""
 "encoded binary. If no domains are given only the local domain will be "
 "searched."
 msgstr ""
+"У кожного правила чотири компоненти — <quote>пріоритетність</quote>, "
+"<quote>правило встановлення відповідності</quote>, <quote>правило прив'язки</"
+"quote> і <quote>список доменів</quote>. Усі компоненти є необов'язковими. "
+"Якщо не вказано <quote>пріоритетність</quote>, буде додано правило із "
+"найнижчою пріоритетністю. Типове <quote>правило встановлення відповідності</"
+"quote> встановлює відповідність сертифікатів із використанням ключів "
+"digitalSignature і розширеним використанням ключів clientAuth. Якщо "
+"<quote>правило прив'язки</quote> є порожнім, сертифікати шукатимуться у "
+"атрибуті userCertificate у форматі закодованих двійкових даних DER. Якщо не "
+"буде вказано доменів, пошук відбуватиметься у локальному домені."
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss-certmap.5.xml:41
 msgid "RULE COMPONENTS"
-msgstr ""
+msgstr "КОМПОНЕНТИ ПРАВИЛ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:43
 msgid "PRIORITY"
-msgstr ""
+msgstr "ПРІОРИТЕТНІСТЬ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
+#, fuzzy
+#| msgid ""
+#| "The rules are process by priority while the number '0' (zero)  indicates "
+#| "the highest priority. The higher the number the lower is the priority. A "
+#| "missing value indicates the lowest priority."
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
+"Правила оброблятимуться за пріоритетністю, номер «0» (нуль) відповідає "
+"найвищому рівню пріоритетності. Чим більшим є значення, тим нижчою є "
+"пріоритетність. Якщо значення не вказано, пріоритетність вважається "
+"найнижчою."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:50
@@ -8601,11 +9008,14 @@ msgid ""
 "Internally the priority is treated as unsigned 32bit integer, using a "
 "priority value larger than 4294967295 will cause an error."
 msgstr ""
+"На внутрішньому рівні пріоритетність визначається 32-бітовим цілим числом "
+"без знаку. Використання значення пріоритетності, що перевищує 4294967295, "
+"призводитиме до виведення повідомлення про помилку."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:55
 msgid "MATCHING RULE"
-msgstr ""
+msgstr "ПРАВИЛО ВІДПОВІДНОСТІ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:57
@@ -8618,11 +9028,19 @@ msgid ""
 "Multiple keyword pattern pairs can be either joined with '&amp;&amp;' (and) "
 "or '&#124;&#124;' (or)."
 msgstr ""
+"Правило встановлення відповідності використовується для вибору сертифіката, "
+"до якого слід застосовувати правило прив'язки. У цьому використовується "
+"система, подібна до використаної у параметрі <quote>pkinit_cert_match</"
+"quote> Kerberos MIT. Правило складається з ключового слова між символами "
+"«&lt;» і «&gt;», яке визначає певну частину сертифіката, і взірцем, який має "
+"бути знайдено, для встановлення відповідності правила. Декілька пар ключове "
+"слово-взірець можна сполучати за допомогою логічних операторів «&amp;"
+"&amp;» (та) або «&#124;&#124;» (або)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:69
 msgid "&lt;SUBJECT&gt;regular-expression"
-msgstr ""
+msgstr "&lt;SUBJECT&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:72
@@ -8631,6 +9049,10 @@ msgid ""
 "matched. For the matching POSIX Extended Regular Expression syntax is used, "
 "see regex(7)  for details."
 msgstr ""
+"За допомогою цього компонент можна встановлювати відповідність частини або "
+"усього запису призначення. Для встановлення відповідності використовується "
+"синтаксис розширених формальних виразів POSIX. Докладніший опис синтаксису "
+"можна знайти на сторінці підручника regex(7)."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:78
@@ -8644,16 +9066,25 @@ msgid ""
 "confusion those attribute names are best not used or covered by a suitable "
 "regular-expression."
 msgstr ""
+"Для встановлення відповідності запис призначення, що зберігається у "
+"сертифікаті у форматі кодованого DER ASN.1, буде перетворено на текстовий "
+"рядок відповідно до RFC 4514. Це означає, що першою у рядку буде "
+"найспецифічніша компонента. Будь ласка, зауважте, що у RFC 4514 описано не "
+"усі можливі назви атрибутів. Включеними вважаються такі назви: «CN», «L», "
+"«ST», «O», «OU», «C», «STREET», «DC» і «UID». Назви інших атрибутів може "
+"бути показано у різний спосіб на різних платформах і у різних інструментах. "
+"Щоб уникнути двозначностей, не варто використовувати ці атрибути і вживати "
+"їх у відповідних формальних виразах."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:91
 msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
-msgstr ""
+msgstr "Приклад: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:96
 msgid "&lt;ISSUER&gt;regular-expression"
-msgstr ""
+msgstr "&lt;ISSUER&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:99
@@ -8661,68 +9092,78 @@ msgid ""
 "With this a part or the whole issuer name of the certificate can be matched. "
 "All comments for &lt;SUBJECT&gt; apply her as well."
 msgstr ""
+"За допомогою цього компонент можна встановлювати відповідність частини або "
+"усього запису видавця. Цього запису стосуються усі коментарі щодо &lt;"
+"SUBJECT&gt;."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:104
 msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
-msgstr ""
+msgstr "Приклад: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:109
 msgid "&lt;KU&gt;key-usage"
-msgstr ""
+msgstr "&lt;KU&gt;використання-ключа"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:112
+#, fuzzy
+#| msgid ""
+#| "This option can be used to specify which key usage values the certificate "
+#| "should have. The following value can be used in a comma separate list:"
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
+"За допомогою цього параметра можна визначити значення використання ключа, "
+"які повинен містити сертифікат. У списку значень, відокремлених комами, "
+"можна використовувати такі значення:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:116
 msgid "digitalSignature"
-msgstr ""
+msgstr "digitalSignature"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:117
 msgid "nonRepudiation"
-msgstr ""
+msgstr "nonRepudiation"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:118
 msgid "keyEncipherment"
-msgstr ""
+msgstr "keyEncipherment"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:119
 msgid "dataEncipherment"
-msgstr ""
+msgstr "dataEncipherment"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:120
 msgid "keyAgreement"
-msgstr ""
+msgstr "keyAgreement"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:121
 msgid "keyCertSign"
-msgstr ""
+msgstr "keyCertSign"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:122
 msgid "cRLSign"
-msgstr ""
+msgstr "cRLSign"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:123
 msgid "encipherOnly"
-msgstr ""
+msgstr "encipherOnly"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:124
 msgid "decipherOnly"
-msgstr ""
+msgstr "decipherOnly"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:128
@@ -8730,16 +9171,18 @@ msgid ""
 "A numerical value in the range of a 32bit unsigned integer can be used as "
 "well to cover special use cases."
 msgstr ""
+"Для спеціальних випадків можна також використати числове значення у "
+"діапазоні 32-бітових цілих чисел без знаку."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:132
 msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
-msgstr ""
+msgstr "Приклад: &lt;KU&gt;digitalSignature,keyEncipherment"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:137
 msgid "&lt;EKU&gt;extended-key-usage"
-msgstr ""
+msgstr "&lt;EKU&gt;розширене-використання-ключа"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:140
@@ -8747,51 +9190,54 @@ msgid ""
 "This option can be used to specify which extended key usage the certificate "
 "should have. The following value can be used in a comma separated list:"
 msgstr ""
+"За допомогою цього параметра можна визначити значення розширеного "
+"використання ключа, які повинен містити сертифікат. У списку значень, "
+"відокремлених комами, можна використовувати такі значення:"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:144
 msgid "serverAuth"
-msgstr ""
+msgstr "serverAuth"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:145
 msgid "clientAuth"
-msgstr ""
+msgstr "clientAuth"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:146
 msgid "codeSigning"
-msgstr ""
+msgstr "codeSigning"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:147
 msgid "emailProtection"
-msgstr ""
+msgstr "emailProtection"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:148
 msgid "timeStamping"
-msgstr ""
+msgstr "timeStamping"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:149
 msgid "OCSPSigning"
-msgstr ""
+msgstr "OCSPSigning"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:150
 msgid "KPClientAuth"
-msgstr ""
+msgstr "KPClientAuth"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:151
 msgid "pkinit"
-msgstr ""
+msgstr "pkinit"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sss-certmap.5.xml:152
 msgid "msScLogin"
-msgstr ""
+msgstr "msScLogin"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:156
@@ -8799,16 +9245,18 @@ msgid ""
 "Extended key usages which are not listed above can be specified with their "
 "OID in dotted-decimal notation."
 msgstr ""
+"Розширені використання ключа, які не потрапили до вказаного вище списку, "
+"можна визначити за допомогою їхнього OID у точково-десятковому позначенні."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:160
 msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
-msgstr ""
+msgstr "Приклад: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:165
 msgid "&lt;SAN&gt;regular-expression"
-msgstr ""
+msgstr "&lt;SAN&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:168
@@ -8817,61 +9265,67 @@ msgid ""
 "Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
 "Principal&gt; does."
 msgstr ""
+"Для сумісності із використанням Kerberos MIT цей параметр встановлюватиме "
+"відповідність реєстраційних даних Kerberos у PKINIT або AD NT Principal SAN "
+"так, як це робить &lt;SAN:Principal&gt;."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:173
 msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
-msgstr ""
+msgstr "Приклад: &lt;SAN&gt;.*@MY\\.REALM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:178
 msgid "&lt;SAN:Principal&gt;regular-expression"
-msgstr ""
+msgstr "&lt;SAN:Principal&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:181
 msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
 msgstr ""
+"Встановити відповідність реєстраційних даних Kerberos у PKINIT або AD NT "
+"Principal SAN."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:185
 msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
-msgstr ""
+msgstr "Приклад: &lt;SAN:Principal&gt;.*@MY\\.REALM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:190
 msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
-msgstr ""
+msgstr "&lt;SAN:ntPrincipalName&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:193
 msgid "Match the Kerberos principals from the AD NT Principal SAN."
 msgstr ""
+"Встановити відповідність реєстраційних даних Kerberos з AD NT Principal SAN."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:197
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
-msgstr ""
+msgstr "Приклад: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:202
 msgid "&lt;SAN:pkinit&gt;regular-expression"
-msgstr ""
+msgstr "&lt;SAN:pkinit&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:205
 msgid "Match the Kerberos principals from the PKINIT SAN."
-msgstr ""
+msgstr "Встановити відповідність реєстраційних даних Kerberos з SAN PKINIT."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:208
 msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
-msgstr ""
+msgstr "Приклад: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:213
 msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
-msgstr ""
+msgstr "&lt;SAN:dotted-decimal-oid&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:216
@@ -8880,16 +9334,19 @@ msgid ""
 "decimal notation, interpret it as string and try to match it against the "
 "regular expression."
 msgstr ""
+"Отримати значення компонента SAN otherName, яке задано OID у крапково-"
+"десятковому позначенні, обробити його як рядок і спробувати встановити "
+"відповідність формальному виразу."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:222
 msgid "Example: &lt;SAN:1.2.3.4&gt;test"
-msgstr ""
+msgstr "Приклад: &lt;SAN:1.2.3.4&gt;test"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:227
 msgid "&lt;SAN:otherName&gt;base64-string"
-msgstr ""
+msgstr "&lt;SAN:otherName&gt;base64-string"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:230
@@ -8899,61 +9356,65 @@ msgid ""
 "otherName components with special encodings which could not be treated as "
 "strings."
 msgstr ""
+"Виконати спробу встановлення двійкової відповідності блоку у кодуванні "
+"base64 із усіма компонентами SAN otherName. За допомогою цього параметра "
+"можна встановлювати відповідність із нетиповими компонентами otherName із "
+"особливими кодуваннями, які не можна обробляти як рядки."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:237
 msgid "Example: &lt;SAN:otherName&gt;MTIz"
-msgstr ""
+msgstr "Приклад: &lt;SAN:otherName&gt;MTIz"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:242
 msgid "&lt;SAN:rfc822Name&gt;regular-expression"
-msgstr ""
+msgstr "&lt;SAN:rfc822Name&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:245
 msgid "Match the value of the rfc822Name SAN."
-msgstr ""
+msgstr "Встановити відповідність значення SAN rfc822Name."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:248
 msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
-msgstr ""
+msgstr "Приклад: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:253
 msgid "&lt;SAN:dNSName&gt;regular-expression"
-msgstr ""
+msgstr "&lt;SAN:dNSName&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:256
 msgid "Match the value of the dNSName SAN."
-msgstr ""
+msgstr "Встановити відповідність значення SAN dNSName."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:259
 msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
-msgstr ""
+msgstr "Приклад: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:264
 msgid "&lt;SAN:x400Address&gt;base64-string"
-msgstr ""
+msgstr "&lt;SAN:x400Address&gt;рядок-base64"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:267
 msgid "Binary match the value of the x400Address SAN."
-msgstr ""
+msgstr "Встановити двійкову відповідність значення SAN x400Address."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:270
 msgid "Example: &lt;SAN:x400Address&gt;MTIz"
-msgstr ""
+msgstr "Приклад: &lt;SAN:x400Address&gt;MTIz"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:275
 msgid "&lt;SAN:directoryName&gt;regular-expression"
-msgstr ""
+msgstr "&lt;SAN:directoryName&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:278
@@ -8961,90 +9422,86 @@ msgid ""
 "Match the value of the directoryName SAN. The same comments as given for &lt;"
 "ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
 msgstr ""
+"Встановити відповідність значення SAN directoryName. Цього параметра "
+"стосуються ті самі коментарі, які було вказано для параметрів &lt;ISSUER&gt; "
+"та &lt;SUBJECT&gt;."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:283
 msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
-msgstr ""
+msgstr "Приклад: &lt;SAN:directoryName&gt;.*,DC=com"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:288
 msgid "&lt;SAN:ediPartyName&gt;base64-string"
-msgstr ""
+msgstr "&lt;SAN:ediPartyName&gt;рядок-base64"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:291
 msgid "Binary match the value of the ediPartyName SAN."
-msgstr ""
+msgstr "Встановити двійкову відповідність значення SAN ediPartyName."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:294
 msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
-msgstr ""
+msgstr "Приклад: &lt;SAN:ediPartyName&gt;MTIz"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:299
 msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
-msgstr ""
+msgstr "&lt;SAN:uniformResourceIdentifier&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:302
 msgid "Match the value of the uniformResourceIdentifier SAN."
-msgstr ""
+msgstr "Встановити відповідність значення SAN uniformResourceIdentifier."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:305
 msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
-msgstr ""
+msgstr "Приклад: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:310
 msgid "&lt;SAN:iPAddress&gt;regular-expression"
-msgstr ""
+msgstr "&lt;SAN:iPAddress&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:313
 msgid "Match the value of the iPAddress SAN."
-msgstr ""
+msgstr "Встановити відповідність значення SAN iPAddress."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:316
 msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
-msgstr ""
+msgstr "Приклад: &lt;SAN:iPAddress&gt;192\\.168\\..*"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:321
 msgid "&lt;SAN:registeredID&gt;regular-expression"
-msgstr ""
+msgstr "&lt;SAN:registeredID&gt;формальний-вираз"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:324
 msgid "Match the value of the registeredID SAN as dotted-decimal string."
 msgstr ""
+"Встановити значення SAN registeredID у форматі точково-десяткового рядка."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:328
 msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
-msgstr ""
+msgstr "Приклад: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:66
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
 msgid ""
 "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-"Передбачено використання таких замінників: <placeholder type=\"variablelist"
-"\" id=\"0\"/>"
+msgstr "Доступні варіанти: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:336
-#, fuzzy
-#| msgid "ID MAPPING"
 msgid "MAPPING RULE"
-msgstr "ВСТАНОВЛЕННЯ ВІДПОВІДНОСТІ ІДЕНТИФІКАТОРІВ"
+msgstr "ПРАВИЛО ПРИВʼЯЗУВАННЯ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:338
@@ -9053,18 +9510,40 @@ msgid ""
 "accounts. A Smartcard with the certificate and the matching private key can "
 "then be used to authenticate as one of those accounts."
 msgstr ""
+"Правило прив'язки використовується для пов'язування сертифіката із одним або "
+"декількома обліковими записами. Далі, смарткарткою із сертифікатом та "
+"відповідним закритим ключем можна скористатися для розпізнавання за одним з "
+"цих облікових записів."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:343
+#, fuzzy
+#| msgid ""
+#| "Currently SSSD basically only supports LDAP to lookup user information "
+#| "(the exception is the proxy provider which is not of relevance here). "
+#| "Because of this the mapping rule is based on LDAP search filter syntax "
+#| "with templates to add certificate content to the filter. It is expected "
+#| "that the filter will only contain the specific data needed for the "
+#| "mapping an that the caller will embed it in another filter to do the "
+#| "actual search. Because of this the filter string should start and stop "
+#| "with '(' and ')' respectively."
 msgid ""
 "Currently SSSD basically only supports LDAP to lookup user information (the "
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
+"У поточній версії SSSD на базовому рівні підтримує пошук даних користувачів "
+"лише у LDAP (винятком є лише засіб надання проксі, який у цьому контексті є "
+"недоречним). Через це правило прив'язки засновано на синтаксисі фільтрування "
+"пошуку LDAP з шаблонами для додавання вмісту сертифікатів до фільтра. "
+"Очікується, що цей фільтр міститиме лише специфічні дані, потрібні для "
+"прив'язки, яку функція виклику вбудовуватиме до іншого фільтра для виконання "
+"справжнього пошуку. Через це рядок фільтрування має починатися із "
+"завершуватися «(» і «)», відповідно."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:353
@@ -9074,21 +9553,37 @@ msgid ""
 "'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute "
 "for IPA can be used."
 msgstr ""
+"Загалом, рекомендується використовувати атрибути з сертифіката і додати їх "
+"до спеціальних атрибутів об'єкта користувача LDAP. Наприклад, можна "
+"скористатися атрибутом «altSecurityIdentities» у AD або атрибутом "
+"«ipaCertMapData» для IPA."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:359
+#, fuzzy
+#| msgid ""
+#| "This should be preferred to read user specific data from the certificate "
+#| "like e.g. an email address and search for it in the LDAP server. The "
+#| "reason is that the user specific data in LDAP might change for various "
+#| "reasons would would break the mapping. On the other hand it would be hard "
+#| "to break the mapping on purpose for a specific user."
 msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
+"Бажаним шляхом є читання із сертифіката специфічних для користувача даних, "
+"наприклад адреси електронної пошти, і пошук цих даних на сервері LDAP. "
+"Причиною є те, що специфічні для користувача дані у LDAP можу бути з різних "
+"причин змінено, що розірве прив'язку. З іншого боку, якщо скористатися "
+"бажаним шляхом, розірвати прив'язку буде важко."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:374
 msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
-msgstr ""
+msgstr "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:377
@@ -9097,6 +9592,9 @@ msgid ""
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
 "the '_x500' prefix should be used."
 msgstr ""
+"Цей шаблон додасть повний DN видавця, перетворений на рядок відповідно до "
+"RFC 4514. Якщо використано упорядковування X.500 (найспецифічніший RDN "
+"стоїть останнім), буде використано параметр із префіксом «_x500»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:383 sss-certmap.5.xml:409
@@ -9104,6 +9602,9 @@ msgid ""
 "The conversion options starting with 'ad_' will use attribute names as used "
 "by AD, e.g. 'S' instead of 'ST'."
 msgstr ""
+"У варіантах перетворення, назви яких починаються з «ad_», "
+"використовуватимуться назви атрибутів, які використовуються AD, наприклад "
+"«S», замість «ST»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:387 sss-certmap.5.xml:413
@@ -9111,6 +9612,8 @@ msgid ""
 "The conversion options starting with 'nss_' will use attribute names as used "
 "by NSS."
 msgstr ""
+"У варіантах перетворення, назви яких починаються з «nss_», "
+"використовуватимуться назви атрибутів, які використовуються NSS."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:391 sss-certmap.5.xml:417
@@ -9118,6 +9621,8 @@ msgid ""
 "The default conversion option is 'nss', i.e. attribute names according to "
 "NSS and LDAP/RFC 4514 ordering."
 msgstr ""
+"Типовим варіантом перетворення є «nss», тобто назви атрибутів відповідно до "
+"NSS і упорядковування за LDAP/RFC 4514."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:395
@@ -9125,11 +9630,13 @@ msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
 "ad})"
 msgstr ""
+"Приклад: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
+"ad})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:400
 msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
-msgstr ""
+msgstr "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:403
@@ -9138,6 +9645,9 @@ msgid ""
 "RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
 "the '_x500' prefix should be used."
 msgstr ""
+"Цей шаблон додасть повний DN призначення, перетворений на рядок відповідно "
+"до RFC 4514. Якщо використано упорядковування X.500 (найспецифічніший RDN "
+"стоїть останнім), буде використано параметр із префіксом «_x500»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:421
@@ -9145,11 +9655,13 @@ msgid ""
 "Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
 "{subject_dn!nss_x500})"
 msgstr ""
+"Приклад: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
+"{subject_dn!nss_x500})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:426
 msgid "{cert[!(bin|base64)]}"
-msgstr ""
+msgstr "{cert[!(bin|base64)]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:429
@@ -9160,24 +9672,38 @@ msgid ""
 "hex sequence is the default and can e.g. be used with the LDAP attribute "
 "'userCertificate;binary'."
 msgstr ""
+"Цей шаблон додасть увесь сертифікат у кодуванні DER як рядок до фільтра "
+"пошуку. Залежно від параметра перетворення, двійковий сертифікат або буде "
+"преетворено на екрановану послідовність шістнадцяткових чисел у форматі "
+"«\\xx», або на код base64. Типовим варіантом є екранована шістнадцяткова "
+"послідовність, її може бути, наприклад, використано з атрибутом LDAP "
+"«userCertificate;binary»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:437
 msgid "Example: (userCertificate;binary={cert!bin})"
-msgstr ""
+msgstr "Приклад: (userCertificate;binary={cert!bin})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:442
 msgid "{subject_principal[.short_name]}"
-msgstr ""
+msgstr "{subject_principal[.short_name]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:445
+#, fuzzy
+#| msgid ""
+#| "This template will add the Kerberos principal which is taken either from "
+#| "the SAN used by pkinit or the one used by AD. The 'short_name' component "
+#| "represent the first part of the principal before the '@' sign."
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
+"Цей шаблон додасть реєстраційні дані Kerberos, які буде взято або з SAN, "
+"який використовується pkinit, або з реєстраційних даних AD. Компонент "
+"«short_name» відповідає першій частині реєстраційного запису до символу «@»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:451 sss-certmap.5.xml:479
@@ -9185,19 +9711,29 @@ msgid ""
 "Example: (|(userPrincipal={subject_principal})"
 "(samAccountName={subject_principal.short_name}))"
 msgstr ""
+"Приклад: (|(userPrincipal={subject_principal})"
+"(samAccountName={subject_principal.short_name}))"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:456
 msgid "{subject_pkinit_principal[.short_name]}"
-msgstr ""
+msgstr "{subject_pkinit_principal[.short_name]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
+#, fuzzy
+#| msgid ""
+#| "This template will add the Kerberos principal which is given by then SAN "
+#| "used by pkinit. The 'short_name' component represent the first part of "
+#| "the principal before the '@' sign."
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
+"Цей шаблон додасть реєстраційні дані Kerberos, які буде передано SAN, що "
+"використовується pkinit. Компонент «short_name» відповідає першій частині "
+"реєстраційного запису до символу «@»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:465
@@ -9205,32 +9741,50 @@ msgid ""
 "Example: (|(userPrincipal={subject_pkinit_principal})"
 "(uid={subject_pkinit_principal.short_name}))"
 msgstr ""
+"Приклад: (|(userPrincipal={subject_pkinit_principal})"
+"(uid={subject_pkinit_principal.short_name}))"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:470
 msgid "{subject_nt_principal[.short_name]}"
-msgstr ""
+msgstr "{subject_nt_principal[.short_name]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
+#, fuzzy
+#| msgid ""
+#| "This template will add the Kerberos principal which is given by then SAN "
+#| "used by AD. The 'short_name' component represent the first part of the "
+#| "principal before the '@' sign."
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
+"Цей шаблон додасть реєстраційні дані Kerberos, які буде передано SAN, що "
+"використовується AD. Компонент «short_name» відповідає першій частині "
+"реєстраційного запису до символу «@»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:484
 msgid "{subject_rfc822_name[.short_name]}"
-msgstr ""
+msgstr "{subject_rfc822_name[.short_name]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:487
+#, fuzzy
+#| msgid ""
+#| "This template will add the string which is stored in the rfc822Name "
+#| "component of the SAN, typically an email address. The 'short_name' "
+#| "component represent the first part of the address before the '@' sign."
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
+"Цей шаблон додасть рядок, який зберігається у компоненті rfc822Name SAN, "
+"типово, адресу електронної пошти. Компонент «short_name» відповідає першій "
+"частині адреси до символу «@»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:493
@@ -9238,30 +9792,42 @@ msgid ""
 "Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
 "short_name}))"
 msgstr ""
+"Приклад: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
+"short_name}))"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:498
 msgid "{subject_dns_name[.short_name]}"
-msgstr ""
+msgstr "{subject_dns_name[.short_name]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:501
+#, fuzzy
+#| msgid ""
+#| "This template will add the string which is stored in the dNSName "
+#| "component of the SAN, typically a fully-qualified host name.  The "
+#| "'short_name' component represent the first part of the name before the "
+#| "first '.' sign."
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
+"Цей шаблон додасть рядок, який зберігається у компоненті dNSName SAN, "
+"типово, повну назву вузла. Компонент «short_name» відповідає першій частині "
+"назви до першого символу «.»."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:507
 msgid ""
 "Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 msgstr ""
+"Приклад: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:512
 msgid "{subject_uri}"
-msgstr ""
+msgstr "{subject_uri}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:515
@@ -9269,33 +9835,35 @@ msgid ""
 "This template will add the string which is stored in the "
 "uniformResourceIdentifier component of the SAN."
 msgstr ""
+"Цей шаблон додає рядок, який зберігається у компоненті "
+"uniformResourceIdentifier SAN."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:519
 msgid "Example: (uri={subject_uri})"
-msgstr ""
+msgstr "Приклад: (uri={subject_uri})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:524
 msgid "{subject_ip_address}"
-msgstr ""
+msgstr "{subject_ip_address}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:527
 msgid ""
 "This template will add the string which is stored in the iPAddress component "
 "of the SAN."
-msgstr ""
+msgstr "Цей шаблон додає рядок, який зберігається у компоненті iPAddress SAN."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:531
 msgid "Example: (ip={subject_ip_address})"
-msgstr ""
+msgstr "Приклад: (ip={subject_ip_address})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:536
 msgid "{subject_x400_address}"
-msgstr ""
+msgstr "{subject_x400_address}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:539
@@ -9303,17 +9871,20 @@ msgid ""
 "This template will add the value which is stored in the x400Address "
 "component of the SAN as escaped hex sequence."
 msgstr ""
+"Цей шаблон додає значення, яке зберігається у компоненті x400Address SAN як "
+"послідовність екранованих шістнадцяткових чисел."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:544
 msgid "Example: (attr:binary={subject_x400_address})"
-msgstr ""
+msgstr "Приклад: (attr:binary={subject_x400_address})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:549
 msgid ""
 "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 msgstr ""
+"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:552
@@ -9321,16 +9892,18 @@ msgid ""
 "This template will add the DN string of the value which is stored in the "
 "directoryName component of the SAN."
 msgstr ""
+"Цей шаблон додасть рядок DN значення, яке зберігається у компоненті "
+"directoryName SAN."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:556
 msgid "Example: (orig_dn={subject_directory_name})"
-msgstr ""
+msgstr "Приклад: (orig_dn={subject_directory_name})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:561
 msgid "{subject_ediparty_name}"
-msgstr ""
+msgstr "{subject_ediparty_name}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:564
@@ -9338,16 +9911,18 @@ msgid ""
 "This template will add the value which is stored in the ediPartyName "
 "component of the SAN as escaped hex sequence."
 msgstr ""
+"Цей шаблон додає значення, яке зберігається у компоненті ediPartyName SAN як "
+"послідовність екранованих шістнадцяткових чисел."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:569
 msgid "Example: (attr:binary={subject_ediparty_name})"
-msgstr ""
+msgstr "Приклад: (attr:binary={subject_ediparty_name})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
 #: sss-certmap.5.xml:574
 msgid "{subject_registered_id}"
-msgstr ""
+msgstr "{subject_registered_id}"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:577
@@ -9355,28 +9930,40 @@ msgid ""
 "This template will add the OID which is stored in the registeredID component "
 "of the SAN as as dotted-decimal string."
 msgstr ""
+"Цей шаблон додає OID, який зберігається у компоненті registeredID SAN у "
+"форматі точково-десяткового рядка."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:582
 msgid "Example: (oid={subject_registered_id})"
-msgstr ""
+msgstr "Приклад: (oid={subject_registered_id})"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:367
+#, fuzzy
+#| msgid ""
+#| "The templates to add certificate data to the search filter are based on "
+#| "Python-style formatting strings. They consists of a keyword in curly "
+#| "braces with an optional sub-component specifier separated by a '.' or an "
+#| "optional conversion/formatting option separated by a '!'.  Allowed values "
+#| "are: <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
+"Шаблони для додавання даних сертифікатів до фільтра пошуку засновано на "
+"рядках форматування у стилі Python. Воли складаються з ключового слова у "
+"фігурних дужках із додатковим підкомпонентом-специфікатором, відокремленим "
+"«.», або додатковим параметром перетворення-форматування, відокремленим «!». "
+"Дозволені значення: <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 #: sss-certmap.5.xml:590
-#, fuzzy
-#| msgid "DOMAIN SECTIONS"
 msgid "DOMAIN LIST"
-msgstr "РОЗДІЛИ ДОМЕНІВ"
+msgstr "СПИСОК ДОМЕНІВ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:592
@@ -9385,6 +9972,10 @@ msgid ""
 "only searched in the local domain but in the listed domains as well as long "
 "as they are know by SSSD. Domains not know to SSSD will be ignored."
 msgstr ""
+"Якщо список доменів не є порожнім, записи користувачів, прив'язані до "
+"заданого сертифіката, шукаються не лише у локальному домені, а і у доменах "
+"зі списку, якщо вони відомі SSSD. Домени, які не відомі SSSD, буде "
+"проігноровано."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
@@ -9428,14 +10019,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:43
-#, fuzzy
-#| msgid ""
-#| "The IPA provider accepts the same options used by the <citerefentry> "
-#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> identity provider and the <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> authentication provider with some exceptions described "
-#| "below."
 msgid ""
 "The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
@@ -9445,12 +10028,14 @@ msgid ""
 "options used by the sssd-ldap and sssd-krb5 providers with some exceptions. "
 "However, it is neither necessary nor recommended to set these options."
 msgstr ""
-"Інструментом надання даних IPA використовуються ті самі параметри, що "
-"використовуються надавачем даних профілів <citerefentry> <refentrytitle>sssd-"
-"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> та надавачем "
-"даних для розпізнавання <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> з певними винятками, "
-"описаними нижче."
+"Засіб надання даних IPA уможливлює для SSSD використання засобу надання "
+"даних профілів <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> та засобу надання даних "
+"розпізнавання <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> з оптимізацією для середовищ IPA. "
+"Засіб надання даних IPA приймає ті самі параметри, які використовуються "
+"засобами надання даних sssd-ldap та sssd-krb5, із деякими виключеннями. "
+"Втім, встановлювати ці параметри не обов'язково і не рекомендовано."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:57
@@ -9459,27 +10044,22 @@ msgid ""
 "default options with some exceptions, the differences are listed in the "
 "<quote>MODIFIED DEFAULT OPTIONS</quote> section."
 msgstr ""
+"Засіб надання даних IPA в основному копіює типові параметри традиційних "
+"засобів надання даних ldap і krb5 із деякими виключенням. Відмінності "
+"наведено у розділі <quote>ЗМІНЕНІ ТИПОВІ ПАРАМЕТРИ</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:62
-#, fuzzy
-#| msgid ""
-#| "However, it is neither necessary nor recommended to set these options.  "
-#| "IPA provider can also be used as an access and chpass provider. As an "
-#| "access provider it uses HBAC (host-based access control) rules. Please "
-#| "refer to freeipa.org for more information about HBAC. No configuration of "
-#| "access provider is required on the client side."
 msgid ""
 "As an access provider, the IPA provider uses HBAC (host-based access "
 "control)  rules. Please refer to freeipa.org for more information about "
 "HBAC. No configuration of access provider is required on the client side."
 msgstr ""
-"Потреби у встановленні або використанні цих параметрів виникнути не повинно. "
-"Інструментом надання даних IPA також можна скористатися для перевірки прав "
-"доступу та зміни паролів. Для керування доступом використовуються правила "
-"HBAC (host-based access control або керування доступом на основі даних щодо "
-"вузлів). Докладнішу інформацію щодо HBAC можна отримати на сайті freeipa."
-"org. У налаштуванні керування доступом на боці клієнта немає потреби."
+"Як інструмент надання доступу, інструмент надання даних IPA для керування "
+"доступом використовує правила HBAC (host-based access control або керування "
+"доступом на основі даних щодо вузлів). Докладнішу інформацію щодо HBAC можна "
+"отримати на сайті freeipa.org. У налаштуванні керування доступом на боці "
+"клієнта немає потреби."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ipa.5.xml:67
@@ -9535,28 +10115,26 @@ msgstr "ipa_hostname (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ipa.5.xml:113
+#, fuzzy
+#| msgid ""
+#| "Optional. May be set on machines where the hostname(5) does not reflect "
+#| "the fully qualified name used in the IPA domain to identify this host."
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 "Необов’язковий. Може бути встановлено на комп’ютерах, де hostname(5) не "
 "відповідає повній назві, що використовується доменом IPA для розпізнавання "
 "цього вузла."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr "dyndns_update (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
-#, fuzzy
-#| msgid ""
-#| "Optional. This option tells SSSD to automatically update the DNS server "
-#| "built into FreeIPA v2 with the IP address of this client. The update is "
-#| "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-#| "for the updates, if it is not otherwise specified by using the "
-#| "<quote>dyndns_iface</quote> option."
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -9565,13 +10143,13 @@ msgid ""
 "quote> option."
 msgstr ""
 "Необов’язковий. За допомогою цього параметра можна наказати SSSD автоматично "
-"оновити на сервері DNS, вбудованому до FreeIPA v2, IP-адресу клієнта. Захист "
+"оновити на сервері DNS, вбудованому до FreeIPA, IP-адресу клієнта. Захист "
 "оновлення буде забезпечено за допомогою GSS-TSIG. Для оновлення буде "
 "використано IP-адресу з’єднання LDAP IPA, якщо не вказано іншу адресу за "
 "допомогою параметра «dyndns_iface»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -9581,7 +10159,7 @@ msgstr ""
 "у /etc/krb5.conf"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -9592,12 +10170,12 @@ msgstr ""
 "назву, <emphasis>dyndns_update</emphasis>, у файлі налаштувань."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr "dyndns_ttl (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -9608,7 +10186,7 @@ msgstr ""
 "Перевизначає TTL на боці сервера, якщо встановлено адміністратором."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -9619,33 +10197,30 @@ msgstr ""
 "назву, <emphasis>dyndns_ttl</emphasis>, у файлі налаштувань."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr "Типове значення: 1200 (секунд)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr "dyndns_iface (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
-#, fuzzy
-#| msgid ""
-#| "Optional. Applicable only when dyndns_update is true. Choose the "
-#| "interface whose IP address should be used for dynamic DNS updates."
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
 "updates. Special value <quote>*</quote> implies that IPs from all interfaces "
 "should be used."
 msgstr ""
-"Необов’язковий. Застосовний лише тоді, коли dyndns_update має значення true. "
-"Визначити інтерфейс, чию адресу IP має бути використано для динамічних "
-"оновлень DNS."
+"Необов'язковий. Застосовний, лише якщо dyndns_update має значення true. "
+"Виберіть інтерфейс або список інтерфейсів, чиї IP-адреси має бути "
+"використано для динамічних оновлень DNS. Спеціальне значення <quote>*</"
+"quote> означає, що слід використовувати IP-адреси з усіх інтерфейсів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -9656,53 +10231,52 @@ msgstr ""
 "назву, <emphasis>dyndns_iface</emphasis>, у файлі налаштувань."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
-#, fuzzy
-#| msgid "Default: Use the IP address of the IPA LDAP connection"
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
-msgstr "Типове значення: використовувати IP-адресу з’єднання LDAP IPA"
+msgstr ""
+"Типове значення: використовувати IP-адреси інтерфейсу, який використовується "
+"для з’єднання LDAP IPA"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
-msgstr ""
+msgstr "Приклад: dyndns_iface = em1, vnet1, vnet2"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
-#, fuzzy
-#| msgid "dyndns_iface (string)"
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
-msgstr "dyndns_iface (рядок)"
+msgstr "dyndns_auth (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
 "option to 'none'."
 msgstr ""
+"Визначає, чи має використовувати допоміжний засіб nsupdate розпізнавання GSS-"
+"TSIG для безпечних оновлень за допомогою сервера DNS, незахищені оновлення "
+"можна надсилати встановленням для цього параметра значення «none»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
-msgstr "Типове значення: 3"
+msgstr "Типове значення: GSS-TSIG"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr "ipa_enable_dns_sites (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr "Вмикає сайти DNS — визначення служб на основі адрес."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -9722,12 +10296,12 @@ msgstr ""
 "вважатимуться резервними серверами."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr "dyndns_refresh_interval (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -9739,12 +10313,12 @@ msgstr ""
 "є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr "dyndns_update_ptr (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
@@ -9753,7 +10327,7 @@ msgstr ""
 "DNS клієнта. Застосовується, лише якщо значенням dyndns_update буде true."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
@@ -9763,17 +10337,17 @@ msgstr ""
 "переспрямовування."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr "Типове значення: False (вимкнено)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr "dyndns_force_tcp (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
@@ -9782,76 +10356,99 @@ msgstr ""
 "даними з сервером DNS."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
-#, fuzzy
-#| msgid "dyndns_iface (string)"
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
-msgstr "dyndns_iface (рядок)"
+msgstr "dyndns_server (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
+"Сервер DNS, який слід використовувати для виконання оновлення DNS. У "
+"більшості конфігурацій рекомендуємо не встановлювати значення для цього "
+"параметра."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
+"Встановлення значення для цього параметра потрібне для середовищ, де сервер "
+"DNS відрізняється від сервера профілів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
+"Будь ласка, зауважте, що цей параметр буде використано лише для резервних "
+"спроб, якщо попередні спроби із використанням автовиявлення завершаться "
+"невдало."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
-#, fuzzy
-#| msgid "Default: False (let nsupdate choose the protocol)"
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
-msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)"
+msgstr "Типове значення: немає (надати nsupdate змогу вибирати сервер)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
-msgstr "ipa_hbac_search_base (рядок)"
+#: sssd-ipa.5.xml:311
+#, fuzzy
+#| msgid "ipa_views_search_base (string)"
+msgid "ipa_deskprofile_search_base (string)"
+msgstr "ipa_views_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+#, fuzzy
+#| msgid ""
+#| "Optional. Use the given string as search base for HBAC related objects."
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 "Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з "
 "HBAC об’єктів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr "Типове значення: використання базової назви домену"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr "ipa_hbac_search_base (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+"Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з "
+"HBAC об’єктів."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr "ipa_host_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 "Необов’язковий. Використати вказаний рядок як основу пошуку об’єктів вузлів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
@@ -9860,76 +10457,76 @@ msgstr ""
 "налаштування декількох основ пошуку."
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr "ipa_selinux_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 "Необов’язковий. Використати вказаний рядок як основу пошуку карт "
 "користувачів SELinux."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr "ipa_subdomains_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 "Необов’язковий. Використати вказаний рядок як основу пошуку надійних доменів."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr "Типове значення: значення <emphasis>cn=trusts,%basedn</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr "ipa_master_domain_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 "Необов’язковий. Використати вказаний рядок як основу пошуку основного "
 "об’єкта домену."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr ""
 "Типове значення: значення виразу <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr "ipa_views_search_base (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 "Необов’язковий. Використати вказаний рядок як основу пошуку контейнерів "
 "перегляду."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 "Типове значення: значення <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
@@ -9938,7 +10535,7 @@ msgstr ""
 "«ipa_domain»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
@@ -9947,12 +10544,12 @@ msgstr ""
 "перетворено у основний DN для виконання дій LDAP."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr "krb5_confd_path (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
@@ -9961,7 +10558,7 @@ msgstr ""
 "налаштувань Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
@@ -9970,7 +10567,7 @@ msgstr ""
 "значення «none»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
@@ -9978,33 +10575,85 @@ msgstr ""
 "SSSD)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:465
+#, fuzzy
+#| msgid "ipa_hbac_refresh (integer)"
+msgid "ipa_deskprofile_refresh (integer)"
 msgstr "ipa_hbac_refresh (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:468
+#, fuzzy
+#| msgid ""
+#| "The amount of time between lookups of the HBAC rules against the IPA "
+#| "server. This will reduce the latency and load on the IPA server if there "
+#| "are many access-control requests made in a short period."
 msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
 msgstr ""
 "Проміжок часу між послідовними пошуками правил HBAC щодо сервера IPA. Зміна "
 "може зменшити час затримки та навантаження на сервер IPA, якщо протягом "
 "короткого періоду часу надходить багато запитів щодо керування доступом."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
 msgid "Default: 5 (seconds)"
 msgstr "Типове значення: 5 (секунд)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:481
+#, fuzzy
+#| msgid "ldap_sudo_full_refresh_interval (integer)"
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr "ldap_sudo_full_refresh_interval (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+#, fuzzy
+#| msgid ""
+#| "The amount of time between lookups of the HBAC rules against the IPA "
+#| "server. This will reduce the latency and load on the IPA server if there "
+#| "are many access-control requests made in a short period."
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+"Проміжок часу між послідовними пошуками правил HBAC щодо сервера IPA. Зміна "
+"може зменшити час затримки та навантаження на сервер IPA, якщо протягом "
+"короткого періоду часу надходить багато запитів щодо керування доступом."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+#, fuzzy
+#| msgid "Default: 900 (15 minutes)"
+msgid "Default: 60 (minutes)"
+msgstr "Типове значення: 900 (15 хвилин)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
+msgid "ipa_hbac_refresh (integer)"
+msgstr "ipa_hbac_refresh (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:498
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+"Проміжок часу між послідовними пошуками правил HBAC щодо сервера IPA. Зміна "
+"може зменшити час затримки та навантаження на сервер IPA, якщо протягом "
+"короткого періоду часу надходить багато запитів щодо керування доступом."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr "ipa_hbac_selinux (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -10016,94 +10665,96 @@ msgstr ""
 "користувача до системи."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr "ipa_server_mode (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
+"Цей параметр буде встановлено засобом встановлення IPA (ipa-server-install) "
+"автоматично, він визначає, чи запущено SSSD на сервері IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
+"На сервері IPA SSSD шукатиме записи користувачів і груп із довірених доменів "
+"безпосередньо, хоча на клієнті SSSD надсилатиме запит на сервер IPA."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr "ipa_automount_location (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr ""
 "Адреса автоматичного монтування, яку буде використовувати цей клієнт IPA"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr "Типове значення: адреса з назвою \"default\""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr "ПЕРЕГЛЯДИ і ПЕРЕВИЗНАЧЕННЯ"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr "ipa_view_class (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr "Клас об’єктів для контейнерів перегляду."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr "Типове значення: nsContainer"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr "ipa_view_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr "Назва атрибута, у якому зберігається назва перегляду."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
-#, fuzzy
-#| msgid "ipa_overide_object_class (string)"
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
-msgstr "ipa_overide_object_class (рядок)"
+msgstr "ipa_override_object_class (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr "Клас об’єктів для об’єктів перевизначення"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr "Типове значення: ipaOverrideAnchor"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr "ipa_anchor_uuid (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
@@ -10112,17 +10763,17 @@ msgstr ""
 "віддаленому домені."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr "Типове значення: ipaAnchorUUID"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr "ipa_user_override_object_class (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
@@ -10132,57 +10783,57 @@ msgstr ""
 "або групою."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr "Перевизначення користувачів можуть містити атрибути, задані"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr "ldap_user_name"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr "ldap_user_uid_number"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr "ldap_user_gid_number"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr "ldap_user_gecos"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr "ldap_user_home_directory"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr "ldap_user_shell"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr "ldap_user_ssh_public_key"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr "Типове значення: ipaUserOverride"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr "ipa_group_override_object_class (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
@@ -10191,27 +10842,27 @@ msgstr ""
 "того, чи знайдений об’єкт перевизначення пов’язано з користувачем або групою."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr "Перевизначення груп можуть містити атрибути, задані"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr "ldap_group_name"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr "ldap_group_gid_number"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr "Типове значення: ipaGroupOverride"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -10226,12 +10877,12 @@ msgstr ""
 "значеннями.  <placeholder type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr "СЛУЖБА ПІДДОМЕНІВ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
@@ -10240,7 +10891,7 @@ msgstr ""
 "спосіб його налаштовано: явний чи неявний."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -10252,7 +10903,7 @@ msgstr ""
 "якщо це потрібно."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -10272,7 +10923,7 @@ msgstr ""
 "даних піддоменів буде знову увімкнено."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -10284,7 +10935,7 @@ msgstr ""
 "ipa."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -10325,11 +10976,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:36
-#, fuzzy
-#| msgid ""
-#| "The AD provider is a back end used to connect to an Active Directory "
-#| "server. This provider requires that the machine be joined to the AD "
-#| "domain and a keytab is available."
 msgid ""
 "The AD provider is a back end used to connect to an Active Directory server. "
 "This provider requires that the machine be joined to the AD domain and a "
@@ -10337,9 +10983,13 @@ msgid ""
 "channel, SSL/TLS options should not be used with the AD provider and will be "
 "superceded by Kerberos usage."
 msgstr ""
-"Засіб надання даних AD — це модуль, що використовується для встановлення "
-"з’єднання з сервером Active Directory. Цей засіб потребує долучення "
-"комп’ютера до домену AD та доступності таблиці ключів."
+"Засіб надання даних AD є модулем, який використовується для встановлення "
+"з'єднання із сервером Active Directory. Для роботи цього засобу надання "
+"даних потрібно, щоб комп'ютер було долучено до домену AD і щоб було "
+"доступним сховище ключів. Обмін даними із модулем відбувається за допомогою "
+"каналу із шифруванням GSSAPI. Із засобом надання даних AD не слід "
+"використовувати параметри SSL/TLS, оскільки їх перекриває використання "
+"Kerberos."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:44
@@ -10353,31 +11003,20 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:48
-#, fuzzy
-#| msgid ""
-#| "The AD provider is able to provide identity information and "
-#| "authentication for entities from trusted domains as well. Currently only "
-#| "trusted domains in the same forest are recognized."
 msgid ""
 "The AD provider can be used to get user information and authenticate users "
 "from trusted domains. Currently only trusted domains in the same forest are "
 "recognized. In addition servers from trusted domains are always auto-"
 "discovered."
 msgstr ""
-"Модуль надання даних AD може надавати дані щодо ідентифікації та "
-"розпізнавання і для записів з надійних доменів. У поточній версії "
-"розпізнаються лише надійні домени з одного лісу."
+"Засобом надання даних AD можна скористатися для отримання даних щодо "
+"користувачів і розпізнавання користувачів за допомогою довірених доменів. У "
+"поточній версії передбачено підтримку використання лише довірених доменів з "
+"того самого лісу. Крім того автоматично визначаються сервери із довірених "
+"доменів."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:54
-#, fuzzy
-#| msgid ""
-#| "The AD provider accepts the same options used by the <citerefentry> "
-#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> identity provider and the <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> authentication provider with some exceptions described "
-#| "below."
 msgid ""
 "The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
@@ -10388,12 +11027,15 @@ msgid ""
 "exceptions. However, it is neither necessary nor recommended to set these "
 "options."
 msgstr ""
-"Інструментом надання даних AD використовуються ті самі параметри, що "
-"використовуються надавачем даних профілів <citerefentry> <refentrytitle>sssd-"
-"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> та надавачем "
-"даних для розпізнавання <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> з певними винятками, "
-"описаними нижче."
+"Засіб надання даних AD уможливлює для SSSD використання засобу надання даних "
+"профілів <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> та засобу надання даних "
+"розпізнавання <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> з оптимізацією для середовищ Active "
+"Directory. Засіб надання даних AD приймає ті самі параметри, які "
+"використовуються засобами надання даних sssd-ldap та sssd-krb5, із деякими "
+"виключеннями. Втім, встановлювати ці параметри не обов'язково і не "
+"рекомендовано."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:69
@@ -10402,23 +11044,20 @@ msgid ""
 "default options with some exceptions, the differences are listed in the "
 "<quote>MODIFIED DEFAULT OPTIONS</quote> section."
 msgstr ""
+"Засіб надання даних AD в основному копіює типові параметри традиційних "
+"засобів надання даних ldap і krb5 із деякими виключенням. Відмінності "
+"наведено у розділі <quote>ЗМІНЕНІ ТИПОВІ ПАРАМЕТРИ</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-ad.5.xml:74
-#, fuzzy
-#| msgid ""
-#| "However, it is neither necessary nor recommended to set these options. "
-#| "The AD provider can also be used as an access, chpass and sudo provider. "
-#| "No configuration of the access provider is required on the client side."
 msgid ""
 "The AD provider can also be used as an access, chpass, sudo and autofs "
 "provider. No configuration of the access provider is required on the client "
 "side."
 msgstr ""
-"Потреби у встановленні або використанні цих параметрів виникнути не повинно. "
-"Інструментом надання даних AD також можна скористатися для перевірки прав "
-"доступу, зміни паролів та доступу до sudo. У налаштовуванні керування "
-"доступом на боці клієнта немає потреби."
+"Інструментом надання даних AD також можна скористатися для доступу, зміни "
+"паролів запуску від імені користувача (sudo) та використання autofs. У "
+"налаштовуванні керування доступом на боці клієнта немає потреби."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-ad.5.xml:85
@@ -10497,10 +11136,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:127
-#, fuzzy
-#| msgid "ad_domain (string)"
 msgid "ad_enabled_domains (string)"
-msgstr "ad_domain (рядок)"
+msgstr "ad_enabled_domains (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:130
@@ -10509,40 +11146,34 @@ msgid ""
 "SSSD will ignore any domains not listed in this option. If left unset, all "
 "domains from the AD forest will be available."
 msgstr ""
+"Список дозволених доменів Active Directory, відокремлених комами. Якщо "
+"вказано, SSSD ігноруватиме будь-які домени, яких немає у списку цього "
+"параметра. Якщо значення параметра не встановлено, доступними будуть усі "
+"домени з лісу AD."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
 #: sssd-ad.5.xml:140
-#, fuzzy, no-wrap
-#| msgid ""
-#| "ad_gpo_map_deny = +my_pam_service\n"
-#| "                            "
+#, no-wrap
 msgid ""
 "ad_enabled_domains = sales.example.com, eng.example.com\n"
 "                            "
 msgstr ""
-"ad_gpo_map_deny = +my_pam_service\n"
+"ad_enabled_domains = sales.example.com, eng.example.com\n"
 "                            "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:136
-#, fuzzy
-#| msgid ""
-#| "For proper operation, this option should be specified as the lower-case "
-#| "version of the long version of the Active Directory domain."
 msgid ""
 "For proper operation, this option must be specified in all lower-case and as "
 "the fully qualified domain name of the Active Directory domain. For example: "
 "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"Для забезпечення належної роботи цей параметр слід вказати у форматі запису "
-"малими літерами повної версії назви домену Active Directory."
+"Для належного функціонування значення цього параметра має бути вказано "
+"малими літерами у форматі повної назви домену Active Directory. Приклад: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:144
-#, fuzzy
-#| msgid ""
-#| "The short domain name (also known as the NetBIOS or the flat name) is "
-#| "autodetected by the SSSD."
 msgid ""
 "The short domain name (also known as the NetBIOS or the flat name) will be "
 "autodetected by SSSD."
@@ -10557,24 +11188,15 @@ msgstr "ad_server, ad_backup_server (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:157
-#, fuzzy
-#| msgid ""
-#| "The comma-separated list of hostnames of the AD servers to which SSSD "
-#| "should connect in order of preference. For more information on failover "
-#| "and server redundancy, see the <quote>FAILOVER</quote> section.  This is "
-#| "optional if autodiscovery is enabled.  For more information on service "
-#| "discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgid ""
 "The comma-separated list of hostnames of the AD servers to which SSSD should "
 "connect in order of preference. For more information on failover and server "
 "redundancy, see the <quote>FAILOVER</quote> section."
 msgstr ""
-"Впорядкований за пріоритетом список назв вузлів, відокремлених комами, "
-"серверів AD, з якими має встановити з’єднання SSSD. Докладніші відомості "
-"щодо резервних серверів викладено у розділі «РЕЗЕРВ». Цей список є "
-"необов’язковим, якщо увімкнено автоматичне виявлення служб. Докладніші "
-"відомості щодо автоматичного виявлення служб наведено у розділі «ПОШУК "
-"СЛУЖБ»."
+"Список назв тих вузлів серверів AD, відокремлених комами, з якими SSSD має "
+"встановлювати з'єднання у порядку пріоритетності. Щоб дізнатися більше про "
+"резервне використання серверів, ознайомтеся із розділом <quote>РЕЗЕРВ</"
+"quote>."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:164
@@ -10582,6 +11204,9 @@ msgid ""
 "This is optional if autodiscovery is enabled.  For more information on "
 "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
 msgstr ""
+"Цей список є необов’язковим, якщо увімкнено автоматичне виявлення служб. "
+"Докладніші відомості щодо автоматичного виявлення служб наведено у розділі "
+"«ПОШУК СЛУЖБ»."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:169
@@ -10589,6 +11214,8 @@ msgid ""
 "Note: Trusted domains will always auto-discover servers even if the primary "
 "server is explicitly defined in the ad_server option."
 msgstr ""
+"Зауваження: довірені домени завжди автоматично визначають сервери, навіть "
+"якщо основний сервер явним чином визначено у параметрі ad_server."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:177
@@ -10704,6 +11331,15 @@ msgid ""
 "microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP "
 "extensions</ulink>"
 msgstr ""
+"Визначення участі у вкладених групах має відбуватися із використанням "
+"спеціалізованого OID <quote>:1.2.840.113556.1.4.1941:</quote>, окрім повних "
+"синтаксичних конструкцій DOM:domain.example.org:, щоб засіб обробки не "
+"намагався інтерпретувати символи двокрапки, пов'язані з OID. Якщо ви не "
+"використовуєте цей OID, вкладена участь у групах не визначатиметься. "
+"Ознайомтеся із прикладом використання, який наведено нижче, і цим "
+"посиланням, щоб дізнатися більше про OID: <ulink url=\"https://msdn."
+"microsoft.com/en-us/library/cc223367.aspx\">[MS-ADTS] Правила встановлення "
+"відповідності у LDAP</ulink>"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:262
@@ -10721,17 +11357,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 #: sssd-ad.5.xml:273
-#, fuzzy, no-wrap
-#| msgid ""
-#| "# apply filter on domain called dom1 only:\n"
-#| "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
-#| "\n"
-#| "# apply filter on domain called dom2 only:\n"
-#| "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
-#| "\n"
-#| "# apply filter on forest called EXAMPLE.COM only:\n"
-#| "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
-#| "                        "
+#, no-wrap
 msgid ""
 "# apply filter on domain called dom1 only:\n"
 "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
@@ -10754,6 +11380,9 @@ msgstr ""
 "\n"
 "# застосувати фільтрування лише для лісу з назвою EXAMPLE.COM:\n"
 "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+"\n"
+"# застосувати фільтрування до учасника вкладеної групи у dom1:\n"
+"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n"
 "                        "
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -11016,29 +11645,27 @@ msgstr "kdm"
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sssd-ad.5.xml:480
 msgid "lightdm"
-msgstr ""
+msgstr "lightdm"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sssd-ad.5.xml:485
 msgid "lxdm"
-msgstr ""
+msgstr "lxdm"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sssd-ad.5.xml:490
 msgid "sddm"
-msgstr ""
+msgstr "sddm"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sssd-ad.5.xml:495
 msgid "unity"
-msgstr ""
+msgstr "unity"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sssd-ad.5.xml:500
-#, fuzzy
-#| msgid "kdm"
 msgid "xdm"
-msgstr "kdm"
+msgstr "xdm"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:509
@@ -11105,7 +11732,7 @@ msgstr "sshd"
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sssd-ad.5.xml:546
 msgid "cockpit"
-msgstr ""
+msgstr "cockpit"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:555
@@ -11333,7 +11960,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sssd-ad.5.xml:698
 msgid "polkit-1"
-msgstr ""
+msgstr "polkit-1"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 #: sssd-ad.5.xml:703
@@ -11449,7 +12076,7 @@ msgstr "Типове значення: deny"
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:810
 msgid "ad_maximum_machine_account_password_age (integer)"
-msgstr ""
+msgstr "ad_maximum_machine_account_password_age (ціле число)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:813
@@ -11458,37 +12085,46 @@ msgid ""
 "given age in days and try to renew it. A value of 0 will disable the renewal "
 "attempt."
 msgstr ""
+"SSSD перевірятиме раз на день, чи має пароль до облікового запису комп'ютера "
+"вік, який перевищує заданий вік у днях, і намагатиметься оновити його. "
+"Значення 0 вимкне спроби оновлення."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:819
-#, fuzzy
-#| msgid "Default: 300"
 msgid "Default: 30 days"
-msgstr "Типове значення: 300"
+msgstr "Типове значення: 30 днів"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:825
-#, fuzzy
-#| msgid "pam_account_expired_message (string)"
 msgid "ad_machine_account_password_renewal_opts (string)"
-msgstr "pam_account_expired_message (рядок)"
+msgstr "ad_machine_account_password_renewal_opts (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:828
+#, fuzzy
+#| msgid ""
+#| "This option should only be used to test the machine account renewal task. "
+#| "The option expect 2 integers seperated by a colon (':'). The first "
+#| "integer defines the interval in seconds how often the task is run. The "
+#| "second specifies the inital timeout in seconds before the task is run for "
+#| "the first time after startup."
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
+"Цей параметр має використовуватися лише для перевірки завдання із оновлення "
+"облікових записів комп'ютерів. Параметру слід передати 2 цілих числа, "
+"відокремлених двокрапкою («:»). Перше ціле число визначає інтервал у "
+"секундах між послідовними повторними виконаннями завдання з оновлення. Друге "
+"— визначає початковий час очікування на перший запуск завдання."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:837
-#, fuzzy
-#| msgid "Default: 86400 (24 hours)"
 msgid "Default: 86400:750 (24h and 15m)"
-msgstr "Типове значення: 86400 (24 години)"
+msgstr "Типове значення: 86400:750 (24 годин і 15 хвилин)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:846
@@ -11514,20 +12150,15 @@ msgstr "Типове значення: 3600 (секунд)"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:892
-#, fuzzy
-#| msgid "Default: Use the IP address of the AD LDAP connection"
 msgid ""
 "Default: Use the IP addresses of the interface which is used for AD LDAP "
 "connection"
-msgstr "Типове значення: використовувати IP-адресу з’єднання LDAP AD"
+msgstr ""
+"Типове значення: використовувати IP-адреси інтерфейсу, який використовується "
+"для з’єднання LDAP AD"
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:905
-#, fuzzy
-#| msgid ""
-#| "How often should the back end perform periodic DNS update in addition to "
-#| "the automatic update performed when the back end goes online.  This "
-#| "option is optional and applicable only when dyndns_update is true."
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -11538,7 +12169,10 @@ msgstr ""
 "Визначає, наскільки часто серверний модуль має виконувати періодичні "
 "оновлення DNS на додачу до автоматичного оновлення, яке виконується під час "
 "кожного встановлення з’єднання серверного модуля з мережею. Цей параметр не "
-"є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true."
+"є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true. "
+"Зауважте, що найменшим можливим значенням є 60 секунд. Якщо буде вказано "
+"значення, яке є меншим за 60, використовуватиметься найменше можливе "
+"значення."
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:928 sss_rpcidmapd.5.xml:76
@@ -11626,9 +12260,12 @@ msgid ""
 "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
 "are included in the default Active Directory schema."
 msgstr ""
+"Якщо для засобу надання даних autofs встановлено значення <quote>ad</quote>, "
+"використовується схема прив'язки атрибутів RFC2307 (nisMap, nisObject, ...), "
+"оскільки ці атрибути включено до типової схеми Active Directory."
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr "sssd-sudo"
 
@@ -11787,14 +12424,14 @@ msgid ""
 "services, as it became optional. However, sssd-sudo.socket must be enabled "
 "instead.  </phrase>"
 msgstr ""
+"<placeholder type=\"programlisting\" id=\"0\"/> <phrase condition="
+"\"have_systemd\"> Важливо зауважити, що на платформах, де передбачено "
+"підтримку systemd, немає потреби додавати засіб надання даних «sudo» до "
+"списку служб, оскільки він стає необов'язковим. Втім, замість нього слід "
+"увімкнути sssd-sudo.socket.</phrase>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-sudo.5.xml:118
-#, fuzzy
-#| msgid ""
-#| "When the SSSD is configured to use IPA as the ID provider, the sudo "
-#| "provider is automatically enabled. The sudo search base is configured to "
-#| "use the compat tree (ou=sudoers,$DC)."
 msgid ""
 "When SSSD is configured to use IPA as the ID provider, the sudo provider is "
 "automatically enabled. The sudo search base is configured to use the IPA "
@@ -11802,9 +12439,13 @@ msgid ""
 "sssd.conf, this value will be used instead. The compat tree (ou=sudoers,"
 "$SUFFIX) is no longer required for IPA sudo functionality."
 msgstr ""
-"Якщо SSSD налаштовано на використання надавача даних IPA для ідентифікатора, "
-"автоматично вмикається модуль надавача даних sudo. Базу пошуку sudo "
-"налаштовано на використання ієрархії даних compat (ou=sudoers,$DC)."
+"Якщо SSSD налаштовано на використання IPA як засобу надання даних ID, засіб "
+"надання даних sudo буде увімкнено автоматично. Базу пошуку sudo буде "
+"налаштовано на використання природного для IPA дерева LDAP (cn=sudo,"
+"$SUFFIX). Якщо у sssd.conf буде визначено будь-яку іншу базу пошуку, "
+"використовуватиметься це значення. Для використання функціональних "
+"можливостей sudo у IPA потреби у дереві compat (ou=sudoers,$SUFFIX) більше "
+"немає."
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-sudo.5.xml:128
@@ -12061,12 +12702,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr "Запустити програму у звичайному режимі, не створювати фонової служби."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr "<option>-c</option>,<option>--config</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -12283,31 +12924,24 @@ msgstr "Типове значення: <filename>/etc/sssd/sssd.conf</filename>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_override.8.xml:10 sss_override.8.xml:15
-#, fuzzy
-#| msgid "sss_userdel"
 msgid "sss_override"
-msgstr "sss_userdel"
+msgstr "sss_override"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_override.8.xml:16
 msgid "create local overrides of user and group attributes"
-msgstr ""
+msgstr "створити локальні перевизначення атрибутів користувача і групи"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sss_override.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>параметри</"
-"replaceable> </arg> <arg "
-"choice='plain'><replaceable>НАЗВА_ОБЛІКОВОГО_ЗАПИСУ</replaceable></arg>"
+"<command>sss_override</command> <arg choice='plain'><replaceable>КОМАНДА</"
+"replaceable></arg> <arg choice='opt'> <replaceable>параметри</replaceable> </"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:32
@@ -12316,6 +12950,9 @@ msgid ""
 "allows to change selected values of specific user and groups. This change "
 "takes effect only on local machine."
 msgstr ""
+"<command>sss_override</command> надає змогу створювати перегляди на боці "
+"клієнта і змінювати вибрані значення для певного користувача і груп. Ці "
+"зміни буде застосовано лише на локальному комп'ютері."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:37
@@ -12328,11 +12965,18 @@ msgid ""
 "take effect.  <emphasis>sss_override</emphasis> prints message when a "
 "restart is required."
 msgstr ""
+"Дані перевизначень зберігаються у кеші SSSD. Якщо кеш вилучено, усі локальні "
+"перевизначення буде втрачено. Будь ласка, зауважте, що після першого "
+"створення перевизначення за допомогою команди <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> або "
+"<emphasis>group-import</emphasis> SSSD слід перезапустити, щоб зміни набули "
+"чинності. Якщо потрібен перезапуск, <emphasis>sss_override</emphasis> виведе "
+"відповідне повідомлення."
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:50 sssctl.8.xml:41
 msgid "AVAILABLE COMMANDS"
-msgstr ""
+msgstr "ДОСТУПНІ КОМАНДИ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:52
@@ -12341,6 +12985,9 @@ msgid ""
 "commands. It is not possible to override <emphasis>uid</emphasis> or "
 "<emphasis>gid</emphasis> to 0."
 msgstr ""
+"Аргумент <emphasis>НАЗВА</emphasis> в усіх командах є назвою початкового "
+"об'єкта. Не можна перевизначити <emphasis>uid</emphasis> або <emphasis>gid</"
+"emphasis> на 0."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:59
@@ -12353,6 +13000,13 @@ msgid ""
 "optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
 "CERTIFICATE</optional>"
 msgstr ""
+"<option>user-add</option> <emphasis>НАЗВА</emphasis> <optional><option>-n,--"
+"name</option> НАЗВА</optional> <optional><option>-u,--uid</option> UID</"
+"optional> <optional><option>-g,--gid</option> GID</optional> "
+"<optional><option>-h,--home</option> ДОМІВКА</optional> <optional><option>-"
+"s,--shell</option> ОБОЛОНКА</optional> <optional><option>-c,--gecos</option> "
+"GECOS</optional> <optional><option>-x,--certificate</option> СЕРТИФІКАТ У "
+"КОДУВАННІ BASE64</optional>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:72
@@ -12360,14 +13014,14 @@ msgid ""
 "Override attributes of an user. Please be aware that calling this command "
 "will replace any previous override for the (NAMEd) user."
 msgstr ""
+"Перевизначити атрибути запису користувача. Будь ласка, зверніть увагу, що "
+"виклик цієї команди замінить усі попередні перевизначення для вказаного за "
+"назвою облікового запису користувача."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:80
-#, fuzzy
-#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
 msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
-msgstr ""
-"<option>--delattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>"
+msgstr "<option>user-del</option> <emphasis>НАЗВА</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:85
@@ -12376,19 +13030,19 @@ msgid ""
 "returned from memory cache. Please see SSSD option "
 "<emphasis>memcache_timeout</emphasis> for more details."
 msgstr ""
+"Вилучити перевизначення користувача. Втім, слід мати на увазі, що "
+"перевизначені атрибути може бути повернено з кешу у пам'яті. Будь ласка, "
+"ознайомтеся із документацією до параметра SSSD <emphasis>memcache_timeout</"
+"emphasis>, щоб дізнатися більше."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:94
-#, fuzzy
-#| msgid ""
-#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-#| "replaceable>"
 msgid ""
 "<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
 "optional>"
 msgstr ""
-"<option>-d</option>,<option>--domain</option> <replaceable>ДОМЕН</"
-"replaceable>"
+"<option>user-find</option> <optional><option>-d,--domain</option> ДОМЕН</"
+"optional>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:99
@@ -12396,24 +13050,24 @@ msgid ""
 "List all users with set overrides.  If <emphasis>DOMAIN</emphasis> parameter "
 "is set, only users from the domain are listed."
 msgstr ""
+"Вивести список усіх користувачів, для яких встановлено перевизначення. Якщо "
+"встановлено параметр <emphasis>ДОМЕН</emphasis>, буде показано лише "
+"користувачів з відповідного домену."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:107
-#, fuzzy
-#| msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
 msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
-msgstr ""
-"<option>--setattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>"
+msgstr "<option>user-show</option> <emphasis>НАЗВА</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:112
 msgid "Show user overrides."
-msgstr ""
+msgstr "Показати перевизначення користувача."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:118
 msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
-msgstr ""
+msgstr "<option>user-import</option> <emphasis>ФАЙЛ</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:123
@@ -12421,11 +13075,16 @@ msgid ""
 "Import user overrides from <emphasis>FILE</emphasis>.  Data format is "
 "similar to standard passwd file.  The format is:"
 msgstr ""
+"Імпортувати перевизначення користувачів з файла <emphasis>ФАЙЛ</emphasis>. "
+"Формат даних у файлі має бути таким самим, як у стандартному файлі passwd. "
+"Приклад:"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:128
 msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
 msgstr ""
+"початкова_назва:назва:uid:gid:gecos:домівка:оболонка:"
+"сертифікат_у_кодуванні_base64"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:131
@@ -12434,21 +13093,24 @@ msgid ""
 "overridden. The rest of fields correspond to new values. You can omit a "
 "value simply by leaving corresponding field empty."
 msgstr ""
+"де «початкова_назва» — початкова назва запису користувача, чиї атрибути має "
+"бути перевизначено. Решта полів відповідає новим значенням. Ви можете "
+"пропустити значення, не заповнюючи відповідного поля."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:140
 msgid "ckent:superman::::::"
-msgstr ""
+msgstr "ckent:superman::::::"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:143
 msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
-msgstr ""
+msgstr "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:149
 msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
-msgstr ""
+msgstr "<option>user-export</option> <emphasis>ФАЙЛ</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:154
@@ -12456,6 +13118,9 @@ msgid ""
 "Export all overridden attributes and store them in <emphasis>FILE</"
 "emphasis>. See <emphasis>user-import</emphasis> for data format."
 msgstr ""
+"Експортувати усі перевизначені атрибути і зберегти їх у файлі "
+"<emphasis>ФАЙЛ</emphasis>. Див. <emphasis>user-import</emphasis>, щоб "
+"дізнатися більше про формат даних."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:162
@@ -12464,6 +13129,9 @@ msgid ""
 "name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
 "optional>"
 msgstr ""
+"<option>group-add</option> <emphasis>НАЗВА</emphasis> <optional><option>-n,--"
+"name</option> НАЗВА</optional> <optional><option>-g,--gid</option> GID</"
+"optional>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:169
@@ -12471,14 +13139,14 @@ msgid ""
 "Override attributes of a group. Please be aware that calling this command "
 "will replace any previous override for the (NAMEd) group."
 msgstr ""
+"Перевизначити атрибути запису групи. Будь ласка, зверніть увагу, що виклик "
+"цієї команди замінить усі попередні перевизначення для вказаної за назвою "
+"групи."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:177
-#, fuzzy
-#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
 msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
-msgstr ""
-"<option>--delattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>"
+msgstr "<option>group-del</option> <emphasis>НАЗВА</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:182
@@ -12487,19 +13155,19 @@ msgid ""
 "returned from memory cache. Please see SSSD option "
 "<emphasis>memcache_timeout</emphasis> for more details."
 msgstr ""
+"Вилучити перевизначення групи. Втім, слід мати на увазі, що перевизначені "
+"атрибути може бути повернено з кешу у пам'яті. Будь ласка, ознайомтеся із "
+"документацією до параметра SSSD <emphasis>memcache_timeout</emphasis>, щоб "
+"дізнатися більше."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:191
-#, fuzzy
-#| msgid ""
-#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-#| "replaceable>"
 msgid ""
 "<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
 "optional>"
 msgstr ""
-"<option>-d</option>,<option>--domain</option> <replaceable>ДОМЕН</"
-"replaceable>"
+"<option>group-find</option> <optional><option>-d,--domain</option> ДОМЕН</"
+"optional>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:196
@@ -12507,21 +13175,24 @@ msgid ""
 "List all groups with set overrides.  If <emphasis>DOMAIN</emphasis> "
 "parameter is set, only groups from the domain are listed."
 msgstr ""
+"Вивести список усіх груп, для яких встановлено перевизначення. Якщо "
+"встановлено параметр <emphasis>ДОМЕН</emphasis>, буде показано лише групи з "
+"відповідного домену."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:204
 msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
-msgstr ""
+msgstr "<option>group-show</option> <emphasis>НАЗВА</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:209
 msgid "Show group overrides."
-msgstr ""
+msgstr "Показати перевизначення групи."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:215
 msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
-msgstr ""
+msgstr "<option>group-import</option> <emphasis>ФАЙЛ</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:220
@@ -12529,11 +13200,13 @@ msgid ""
 "Import group overrides from <emphasis>FILE</emphasis>.  Data format is "
 "similar to standard group file.  The format is:"
 msgstr ""
+"Імпортувати перевизначення груп з файла <emphasis>ФАЙЛ</emphasis>. Формат "
+"даних у файлі має бути таким самим, як у стандартному файлі group. Приклад:"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:225
 msgid "original_name:name:gid"
-msgstr ""
+msgstr "початкова_назва:назва:gid"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:228
@@ -12542,21 +13215,24 @@ msgid ""
 "overridden. The rest of fields correspond to new values. You can omit a "
 "value simply by leaving corresponding field empty."
 msgstr ""
+"де «початкова_назва» — початкова назва групи, чиї атрибути має бути "
+"перевизначено. Решта полів відповідає новим значенням. Ви можете пропустити "
+"значення, не заповнюючи відповідного поля."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:237
 msgid "admins:administrators:"
-msgstr ""
+msgstr "admins:administrators:"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:240
 msgid "Domain Users:Users:501"
-msgstr ""
+msgstr "Domain Users:Users:501"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:246
 msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
-msgstr ""
+msgstr "<option>group-export</option> <emphasis>ФАЙЛ</emphasis>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_override.8.xml:251
@@ -12564,28 +13240,24 @@ msgid ""
 "Export all overridden attributes and store them in <emphasis>FILE</"
 "emphasis>. See <emphasis>group-import</emphasis> for data format."
 msgstr ""
+"Експортувати усі перевизначені атрибути і зберегти їх у файлі "
+"<emphasis>ФАЙЛ</emphasis>. Див. <emphasis>group-import</emphasis>, щоб "
+"дізнатися більше про формат даних."
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "SUDO OPTIONS"
 msgid "COMMON OPTIONS"
-msgstr "ПАРАМЕТРИ SUDO"
+msgstr "ЗАГАЛЬНІ ПАРАМЕТРИ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:263 sssctl.8.xml:52
-#, fuzzy
-#| msgid "This option is not available in IPA provider."
 msgid "Those options are available with all commands."
-msgstr "Цим параметром не можна скористатися у надавачі даних IPA."
+msgstr "Ці параметри можна використовувати з усіма командами."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:268 sssctl.8.xml:57
-#, fuzzy
-#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
 msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
-msgstr ""
-"<option>--delattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>"
+msgstr "<option>--debug</option> <replaceable>РІВЕНЬ</replaceable>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_useradd.8.xml:10 sss_useradd.8.xml:15
@@ -12821,7 +13493,7 @@ msgstr ""
 "На цій сторінці довідника описано налаштування засобу розпізнавання Kerberos "
 "5 для <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис налаштування, "
-"зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> "
+"зверніться до розділу «ФОРМАТ ФАЙЛА» сторінки довідника <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>."
 
@@ -13432,6 +14104,9 @@ msgid ""
 "is capable of handling enterprise principals and the option is not set "
 "explicitly in the config file."
 msgstr ""
+"Засіб надання даних IPA встановить для цього параметра значення «true», якщо "
+"виявить, що сервер здатен обробляти реєстраційні дані промислового класу, і "
+"параметр на встановлено явним чином у файлі налаштувань."
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-krb5.5.xml:526
@@ -13882,11 +14557,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_cache.8.xml:31
-#, fuzzy
-#| msgid ""
-#| "<command>sss_cache</command> invalidates records in SSSD cache.  "
-#| "Invalidated records are forced to be reloaded from server as soon as "
-#| "related SSSD backend is online."
 msgid ""
 "<command>sss_cache</command> invalidates records in SSSD cache.  Invalidated "
 "records are forced to be reloaded from server as soon as related SSSD "
@@ -13895,7 +14565,9 @@ msgid ""
 msgstr ""
 "<command>sss_cache</command> скасовує визначення записів у кеші SSSD. Дані "
 "записів зі скасованими визначеннями буде перезавантажено з сервера у "
-"примусовому порядку, щойно відповідний модуль SSSD отримає до них доступ."
+"примусовому порядку, щойно відповідний модуль SSSD отримає до них доступ. "
+"Параметри, які скасовують визначення окремого об'єкта приймають лише один "
+"аргумент."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:43
@@ -13904,10 +14576,8 @@ msgstr "<option>-E</option>,<option>--everything</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:47
-#, fuzzy
-#| msgid "Invalidate all cached entries except for sudo rules."
 msgid "Invalidate all cached entries."
-msgstr "Скасувати чинність усіх кешованих записів, окрім правил sudo."
+msgstr "Скасувати чинність усіх кешованих записів."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:53
@@ -14082,43 +14752,32 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:186
-#, fuzzy
-#| msgid ""
-#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
-#| "replaceable>"
 msgid ""
 "<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
 "replaceable>"
 msgstr ""
-"<option>-g</option>,<option>--group</option> <replaceable>група</replaceable>"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>правило</"
+"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:191
-#, fuzzy
-#| msgid "Invalidate all cached entries except for sudo rules."
 msgid "Invalidate particular sudo rule."
-msgstr "Скасувати чинність усіх кешованих записів, окрім правил sudo."
+msgstr "Скасувати чинність певного правила sudo."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:197
-#, fuzzy
-#| msgid "<option>-R</option>,<option>--no-remove</option>"
 msgid "<option>-R</option>,<option>--sudo-rules</option>"
-msgstr "<option>-R</option>,<option>--no-remove</option>"
+msgstr "<option>-R</option>,<option>--sudo-rules</option>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:201
-#, fuzzy
-#| msgid ""
-#| "Invalidate all user records. This option overrides invalidation of "
-#| "specific user if it was also set."
 msgid ""
 "Invalidate all cached sudo rules. This option overrides invalidation of "
 "specific sudo rule if it was also set."
 msgstr ""
-"Скасувати визначення всіх записів. Цей параметр має вищий пріоритет за "
-"параметр скасування визначення для будь-якого користувача, якщо такий "
-"параметр вказано."
+"Скасувати визначення усіх кешованих правил sudo. Цей параметр має вищий "
+"пріоритет за параметр скасування визначення для будь-якого правила sudo, "
+"якщо такий параметр вказано."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:209
@@ -14141,7 +14800,9 @@ msgstr "sss_debuglevel"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+#, fuzzy
+#| msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr "змінити рівень діагностики протягом сеансу роботи з SSSD"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -14158,18 +14819,10 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
-"<command>sss_debuglevel</command> змінює рівень діагностики засобу "
-"спостереження та надавачів даних SSSD на вказане значення "
-"<replaceable>НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ</replaceable> під час роботи SSSD."
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
-msgstr "<replaceable>НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ</replaceable>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_seed.8.xml:10 sss_seed.8.xml:15
@@ -14501,11 +15154,15 @@ msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup that overrides caller-supplied limit."
 msgstr ""
+"Визначає верхню межу для кількості записів, які отримуватимуться під час "
+"пошуку з використанням символів-замінників, які перевизначають обмеження, "
+"яке накладається функцією виклику."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sssd-ifp.5.xml:144
 msgid "Default: 0 (let the caller set an upper limit)"
 msgstr ""
+"Типове значення: 0 (дозволити встановлювати верхнє обмеження функції виклику)"
 
 #. type: Content of: <reference><refentry><refentryinfo>
 #: sss_rpcidmapd.5.xml:8
@@ -14549,7 +15206,7 @@ msgstr ""
 "Файл налаштувань rpc.idmapd зазвичай зберігається тут: <emphasis>/etc/idmapd."
 "conf</emphasis>. Див. підручник з <citerefentry> <refentrytitle>idmapd.conf</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися "
-"більше.\n"
+"більше."
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_rpcidmapd.5.xml:49
@@ -14665,7 +15322,7 @@ msgstr ""
 ">"
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr "ТАКОЖ ПЕРЕГЛЯНЬТЕ"
 
@@ -14724,15 +15381,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_ssh_authorizedkeys.1.xml:41
-#, fuzzy
-#| msgid ""
-#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-#| "manvolnum></citerefentry> can be configured to use "
-#| "<command>sss_ssh_authorizedkeys</command> for public key user "
-#| "authentication if it is compiled with support for either "
-#| "<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
-#| "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-#| "manvolnum></citerefentry> options."
 msgid ""
 "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
 "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
@@ -14744,10 +15392,11 @@ msgstr ""
 "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
 "citerefentry> можна налаштувати на використання "
 "<command>sss_ssh_authorizedkeys</command> для розпізнавання користувачів за "
-"відкритими ключами, якщо програму зібрано з підтримкою параметра "
-"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> <quote>AuthorizedKeysCommand</quote> або "
-"<quote>PubkeyAgent</quote>."
+"відкритими ключами, якщо програму зібрано із підтримкою параметра "
+"<quote>AuthorizedKeysCommand</quote>. Будь ласка, зверніться до сторінки "
+"підручника <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>, щоб дізнатися більше про цей "
+"параметр."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sss_ssh_authorizedkeys.1.xml:59
@@ -14822,15 +15471,6 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_ssh_knownhostsproxy.1.xml:33
-#, fuzzy
-#| msgid ""
-#| "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys "
-#| "for host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
-#| "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> "
-#| "section of <citerefentry><refentrytitle>sshd</refentrytitle> "
-#| "<manvolnum>8</manvolnum></citerefentry> for more information)  <filename>/"
-#| "var/lib/sss/pubconf/known_hosts</filename> and estabilishes connection to "
-#| "the host."
 msgid ""
 "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
 "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
@@ -14907,15 +15547,15 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: idmap_sss.8.xml:10 idmap_sss.8.xml:15
-#, fuzzy
-#| msgid "pam_sss"
 msgid "idmap_sss"
-msgstr "pam_sss"
+msgstr "idmap_sss"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
-msgstr ""
+#, fuzzy
+#| msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
+msgstr "Модуль idmap_sss SSSD для Winbind"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:22
@@ -14923,18 +15563,19 @@ msgid ""
 "The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. "
 "No database is required in this case as the mapping is done by SSSD."
 msgstr ""
+"Модуль idmap_sss надає змогу викликати SSSD для прив'язки UID/GID і SID. У "
+"цьому випадку база даних не потрібна, оскільки прив'язка виконується "
+"засобами SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "SUDO OPTIONS"
 msgid "IDMAP OPTIONS"
-msgstr "ПАРАМЕТРИ SUDO"
+msgstr "ПАРАМЕТРИ IDMAP"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: idmap_sss.8.xml:33
 msgid "range = low - high"
-msgstr ""
+msgstr "діапазон = нижче - вище"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: idmap_sss.8.xml:35
@@ -14942,19 +15583,15 @@ msgid ""
 "Defines the available matching UID and GID range for which the backend is "
 "authoritative."
 msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-#, fuzzy
-#| msgid "EXAMPLE"
-msgid "EXAMPLES"
-msgstr "ПРИКЛАД"
+"Визначає доступний для обробки модулем діапазон відповідності UID і GID."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
 "This example shows how to configure idmap_sss as the default mapping module."
 msgstr ""
+"У цьому прикладі продемонстровано налаштовування idmap_sss як типового "
+"модуля прив'язки."
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
 #: idmap_sss.8.xml:50
@@ -14968,32 +15605,34 @@ msgid ""
 "idmap config * : range          = 200000-2147483647\n"
 "        "
 msgstr ""
+"[global]\n"
+"security = domain\n"
+"workgroup = MAIN\n"
+"\n"
+"idmap config * : backend        = sss\n"
+"idmap config * : range          = 200000-2147483647\n"
+"        "
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssctl.8.xml:10 sssctl.8.xml:15
 msgid "sssctl"
-msgstr ""
+msgstr "sssctl"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssctl.8.xml:16
 msgid "SSSD control and status utility"
-msgstr ""
+msgstr "Засіб керування і визначення стану SSSD"
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
 #: sssctl.8.xml:21
-#, fuzzy
-#| msgid ""
-#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-#| "arg>"
 msgid ""
 "<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</"
 "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
 "arg>"
 msgstr ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>параметри</"
-"replaceable> </arg> <arg "
-"choice='plain'><replaceable>НАЗВА_ОБЛІКОВОГО_ЗАПИСУ</replaceable></arg>"
+"<command>sssctl</command> <arg choice='plain'><replaceable>КОМАНДА</"
+"replaceable></arg> <arg choice='opt'> <replaceable>параметри</replaceable> </"
+"arg>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssctl.8.xml:32
@@ -15004,6 +15643,11 @@ msgid ""
 "files for troubleshooting in such a way that is safe to manipulate while "
 "SSSD is running."
 msgstr ""
+"<command>sssctl</command> є простим і уніфікованим засобом отримання даних "
+"щодо стану SSSD, зокрема активного сервера, серверів автоматичного "
+"визначення, доменів і кешованих об'єктів. Крім того, програма здатна "
+"керувати файлами даних SSSD для усування вад у такий спосіб, щоб з ними "
+"можна було безпечно працювати, доки працює SSSD."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssctl.8.xml:43
@@ -15012,31 +15656,23 @@ msgid ""
 "parameters. To print help for selected command run <command>sssctl COMMAND --"
 "help</command>."
 msgstr ""
+"Щоб ознайомитися зі списком усіх доступних команд, віддайте команду "
+"<command>sssctl</command> без параметрів. Щоб програма вивела довідкове "
+"повідомлення щодо певної команди, віддайте команду <command>sssctl КОМАНДА --"
+"help</command>."
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-files.5.xml:10 sssd-files.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-files"
-msgstr "sssd-simple"
+msgstr "sssd-files"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-files.5.xml:17
-#, fuzzy
-#| msgid "SSSD Kerberos provider"
 msgid "SSSD files provider"
-msgstr "Модуль надання даних Kerberos SSSD"
+msgstr "Засіб надання файлів SSSD"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the AD provider for "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
 msgid ""
 "This manual page describes the files provider for <citerefentry> "
 "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
@@ -15044,24 +15680,15 @@ msgid ""
 "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"На цій сторінці довідника описано налаштування засобу керування доступом AD "
-"для <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис налаштування, "
-"зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> "
+"На цій сторінці довідника описано налаштування засобу обробки файлів для "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. Щоб дізнатися більше про синтаксис налаштування, зверніться "
+"до розділу «ФОРМАТ ФАЙЛА» сторінки довідника <citerefentry> "
 "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:36
-#, fuzzy
-#| msgid ""
-#| "These options can be used to configure the sudo service.  The detailed "
-#| "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
-#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with "
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry> are in the manual page <citerefentry> "
-#| "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry>."
 msgid ""
 "The files provider mirrors the content of the <citerefentry> "
 "<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -15072,22 +15699,17 @@ msgid ""
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>."
 msgstr ""
-"Цими параметрами можна скористатися для налаштовування служби sudo. Докладні "
-"настанови щодо налаштовування <citerefentry> <refentrytitle>sudo</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> на роботу з "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> можна знайти на сторінці довідника <citerefentry> "
-"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>."
+"Засіб надання даних файлів створює дзеркальну копію вмісту файлів "
+"<citerefentry> <refentrytitle>passwd</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> і <citerefentry> <refentrytitle>group</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. Метою роботи засобу "
+"надання даних файлів є забезпечення доступу до даних користувачів і груп, "
+"які традиційно доступні за допомогою інтерфейсів NSS, також за допомогою "
+"інтерфейсів SSSD, зокрема <citerefentry> <refentrytitle>sssd-ifp</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:59
-#, fuzzy
-#| msgid ""
-#| "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page for details on the configuration of an SSSD "
-#| "domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "The files provider has no specific options of its own, however, generic SSSD "
 "domain options can be set where applicable.  Refer to the section "
@@ -15095,25 +15717,22 @@ msgid ""
 "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
 "for details on the configuration of an SSSD domain."
 msgstr ""
+"Засіб надання даних файлів не має власних специфічних параметрів. Втім, "
+"можна використовувати загальні параметри доменів SSSD там, де це є доречним. "
 "Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки довідника (man) "
 "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, щоб дізнатися більше про налаштування домену "
-"SSSD. <placeholder type=\"variablelist\" id=\"0\"/>"
+"SSSD. "
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-files.5.xml:73
-#, fuzzy
-#| msgid ""
-#| "The following example assumes that SSSD is correctly configured and LDAP "
-#| "is set to one of the domains in the <replaceable>[domains]</replaceable> "
-#| "section."
 msgid ""
 "The following example assumes that SSSD is correctly configured and files is "
 "one of the domains in the <replaceable>[sssd]</replaceable> section."
 msgstr ""
 "У наведеному нижче прикладі припускається, що SSSD налаштовано належним "
-"чином, а LDAP встановлено на один з доменів з розділу "
-"<replaceable>[domains]</replaceable>."
+"чином, а files встановлено на один з доменів з розділу <replaceable>[sssd]</"
+"replaceable>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-files.5.xml:79
@@ -15122,31 +15741,21 @@ msgid ""
 "[domain/files]\n"
 "id_provider = files\n"
 msgstr ""
+"[domain/files]\n"
+"id_provider = files\n"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-secrets.5.xml:10 sssd-secrets.5.xml:16
-#, fuzzy
-#| msgid "sssd-simple"
 msgid "sssd-secrets"
-msgstr "sssd-simple"
+msgstr "sssd-secrets"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-secrets.5.xml:17
-#, fuzzy
-#| msgid "SSSD InfoPipe responder"
 msgid "SSSD Secrets responder"
-msgstr "Відповідач InfoPipe SSSD"
+msgstr "Відповідач реєстраційних даних SSSD"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:23
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the InfoPipe responder "
-#| "for <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
-#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
-#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> manual page."
 msgid ""
 "This manual page describes the configuration of the Secrets responder for "
 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
@@ -15155,11 +15764,11 @@ msgid ""
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
 "На цій сторінці довідника описано налаштування засобу надання відповідей "
-"InfoPipe для <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис "
-"налаштування, зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>."
+"Secrets для <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис налаштування, "
+"зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:36
@@ -15171,6 +15780,13 @@ msgid ""
 "backups, config management system and in general making it harder to secure "
 "data."
 msgstr ""
+"У багатьох програмах системи або користувача існує потреба у збереженні "
+"конфіденційних даних, зокрема паролів і ключів до служб, та зручній роботі з "
+"цими даними. Простим способом вирішення цієї проблеми є вбудовування цих "
+"<quote>реєстраційних даних</quote> до файлів налаштувань. Втім, це "
+"призводить до потенційного розширення доступу до конфіденційних даних через "
+"резервні копії, системи керування налаштуваннями, та загалом робить захист "
+"даних важчим."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:45
@@ -15183,6 +15799,14 @@ msgid ""
 "them transparently routed to a local or a remote key management store like "
 "IPA Vault for storage, escrow and recovery."
 msgstr ""
+"Проект <ulink url=\"https://github.com/latchset/custodia\">custodia</ulink> "
+"було створено для урегулювання цієї проблеми у хмароподібних середовищах, "
+"але нам ця ідея здалася вартою уваги навіть на рівні окремої ізольованої "
+"системи. Як служба захисту, SSSD є ідеальним місцем для реалізації такої "
+"можливості з доступом до відповідного програмного інтерфейсу через сокети "
+"Unix. Така реалізація уможливлює використання локальних викликів і належну "
+"маршрутизацію до локального або віддаленого сховища ключів, зокрема сховища "
+"IPA, для зберігання, депонування і відновлення даних."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-secrets.5.xml:55
@@ -15192,21 +15816,73 @@ msgid ""
 "users. Secrets can be stored inside <quote>containers</quote> which can be "
 "nested."
 msgstr ""
+"Записи реєстраційних даних є простими парами ключ-значення. Реєстраційні "
+"дані кожного з користувачів співвідносяться із його простором назв на основі "
+"ідентифікатора користувача. Це означає, що реєстраційні дані одного "
+"користувача ніколи не потраплять до іншого. Реєстраційні дані зберігаються у "
+"<quote>контейнерах</quote>, які можна вкладати один у одного."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+#, fuzzy
+#| msgid "sssd-secrets"
+msgid "secrets"
+msgstr "sssd-secrets"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+#, fuzzy
+#| msgid "kdm"
+msgid "kcm"
+msgstr "kdm"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+#, fuzzy
+#| msgid ""
+#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
+#| "permissions on a newly created home directory."
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+"Використовується <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> для визначення типових прав доступу "
+"до щойно створеного домашнього каталогу."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
-msgstr ""
+msgstr "КОРИСТУВАННЯ ВІДПОВІДАЧЕМ РЕЄСТРАЦІЙНИХ ДАНИХ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
+"Сокет UNIX, на якому відповідач SSSD очікує на дані, розташовано у "
+"<filename>/var/run/secrets.socket</filename>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -15214,9 +15890,13 @@ msgid ""
 "systemctl enable sssd-secrets.service\n"
 "            "
 msgstr ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.service\n"
+"            "
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -15229,16 +15909,20 @@ msgid ""
 "\"programlisting\" id=\"0\"/> Please note your distribution may already "
 "configure the units for you."
 msgstr ""
+"Відповідач для реєстраційних даних активується за допомогою сокетів "
+"<citerefentry> <refentrytitle>systemd</refentrytitle> <manvolnum>1</"
+"manvolnum> </citerefentry>. На відміну від інших відповідачів SSSD, його не "
+"можна запустити додаванням рядка <quote>secrets</quote> до інструкції "
+"<quote>service</quote>. Модуль сокета systemd називається <quote>sssd-"
+"secrets.socket</quote>, а відповідний файл служби має назву <quote>sssd-"
+"secrets.service</quote>. Щоб службу можна було активувати за допомогою "
+"сокета, слід увімкнути і задіяти сокет, а потім увімкнути службу: "
+"<placeholder type=\"programlisting\" id=\"0\"/> Будь ласка, зауважте, що "
+"відповідні налаштування модулів вже могло бути виконано засобами вашого "
+"дистрибутива."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
-#, fuzzy
-#| msgid ""
-#| "NOTE: Must be used in conjunction with the <quote>pam_trusted_users</"
-#| "quote> and <quote>pam_public_domains</quote> options.  Please see the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page for more information on these two "
-#| "PAM responder options."
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -15246,341 +15930,434 @@ msgid ""
 "manvolnum> </citerefentry> manual page for a complete list. In addition, "
 "there are some secrets-specific options as well."
 msgstr ""
-"Зауваження: слід використовувати разом із параметрами «pam_trusted_users» і "
-"«pam_public_domains». Будь ласка, ознайомтеся із сторінкою підручника "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>, щоб дізнатися більше про ці два параметри "
-"відповідача PAM."
+"Відповідачу реєстраційних даних можна передавати типові параметри "
+"відповідача SSSD, зокрема <quote>debug_level</quote> та <quote>fd_limit</"
+"quote>. Із повним списком параметрів можна ознайомитися на сторінці "
+"підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>. Крім того, передбачено декілька "
+"специфічних для реєстраційних даних параметрів."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
-#, fuzzy
-#| msgid "id_provider (string)"
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
-msgstr "id_provider (рядок)"
+msgstr "provider (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
-msgstr ""
+msgstr "local"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
 "moment."
 msgstr ""
+"Реєстраційні дані зберігаються у локальній базі даних, зашифровані, разом із "
+"іншими даними, за допомогою основного ключа. Для локального засобу надання "
+"даних у поточній версії не передбачено жодних додаткових параметрів."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
-msgstr ""
+msgstr "proxy"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
+"Відповідач реєстраційних даних переспрямовує запити до сервера Custodia. Для "
+"засобу надання даних «proxy» передбачено декілька додаткових параметрів "
+"(див. нижче)."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
+#, fuzzy
+#| msgid ""
+#| "This option specifies where should the secrets be stored. The secrets "
+#| "responder can configure a per-user subsections that define which provider "
+#| "store the secrets for this particular user. The per-user subsections "
+#| "should contain all options for that user's provider. If a per-user "
+#| "section does not exist, the global settings from the secret responder's "
+#| "section are used.  The following providers are supported: <placeholder "
+#| "type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
+"Цей параметр визначає, де слід зберігати реєстраційні дані. Відповідач "
+"реєстраційних даних може налаштувати підрозділи для окремих користувачів, "
+"які визначатимуть, яке сховище відповідача зберігатиме дані певного "
+"користувача. Підрозділи окремих користувачів мають містити усі параметри "
+"відповідного засобу надання даних користувача. Якщо окремого підрозділу "
+"користувача не існує, буде використано загальні параметри відповідача "
+"реєстраційних даних. Передбачено підтримку таких відповідачів: <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
-#, fuzzy
-#| msgid "Default: ldap"
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
-msgstr "Типове значення: ldap"
+msgstr "Типове значення: local"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
-#, fuzzy
-#| msgid "ldap_group_nesting_level (integer)"
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
-msgstr "ldap_group_nesting_level (ціле число)"
+msgstr "containers_nest_level (ціле значення)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
+"Цей параметр визначає максимальну дозволену кількість вкладених контейнерів."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
-msgstr "Типове значення: 3"
+msgstr "Типове значення: 4"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
-#, fuzzy
-#| msgid "timeout (integer)"
+#: sssd-secrets.5.xml:204
 msgid "max_secrets (integer)"
-msgstr "timeout (ціле число)"
+msgstr "max_secrets (ціле значення)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+#, fuzzy
+#| msgid ""
+#| "This option specifies the maximum number of secrets that can be stored."
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
 msgstr ""
+"Цей параметр визначає максимальну кількість записів реєстраційних даних, які "
+"можна зберігати."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-#, fuzzy
-#| msgid "Default: 10"
-msgid "Default: 1024"
-msgstr "Типове значення: 10"
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:216
+#, fuzzy
+#| msgid "max_secrets (integer)"
+msgid "max_uid_secrets (integer)"
+msgstr "max_secrets (ціле значення)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
 #, fuzzy
-#| msgid "ldap_page_size (integer)"
+#| msgid ""
+#| "This option specifies the maximum number of secrets that can be stored."
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
+msgstr ""
+"Цей параметр визначає максимальну кількість записів реєстраційних даних, які "
+"можна зберігати."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
-msgstr "ldap_page_size (ціле число)"
+msgstr "max_payload_size (ціле значення)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
+"Цей параметри визначає максимальний об'єм даних для реєстраційного запису у "
+"кілобайтах."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:241
 #, fuzzy
-#| msgid "Default: 1"
-msgid "Default: 16"
-msgstr "Типове значення: 1"
+#| msgid ""
+#| "To manipulate secrets under this container, just nest the secrets "
+#| "underneath the container path: <placeholder type=\"programlisting\" id="
+#| "\"0\"/>"
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+"Щоб працювати із записами реєстраційних даних у цьому контейнері, просто "
+"вкладіть записи реєстраційних даних до шляху контейнера: <placeholder type="
+"\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
+"Вказані нижче параметри стосуються лише конфігурацій, у яких "
+"використовується засіб надання даних <quote>proxy</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
-#, fuzzy
-#| msgid "proxy_lib_name (string)"
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
-msgstr "proxy_lib_name (рядок)"
+msgstr "proxy_url (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
+"Адреса, за якою очікуватиме на дані сервер Custodia. У поточній версії "
+"передбачено підтримку протоколів http і https."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
-#, fuzzy
-#| msgid "ldap[s]://&lt;host&gt;[:port]"
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
-msgstr "ldap[s]://&lt;вузол&gt;[:порт]"
+msgstr "http[s]://&lt;вузол&gt;[:порт]"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
-msgstr ""
+msgstr "Приклад: http://localhost:8080"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
-#, fuzzy
-#| msgid "auth_provider (string)"
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
-msgstr "auth_provider (рядок)"
+msgstr "auth_type (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
+"Спосіб розпізнавання сервером Custodia. Передбачено підтримку таких способів "
+"розпізнавання:"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
-msgstr ""
+msgstr "basic_auth"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
+"Виконати розпізнавання на основі імені користувача і пароля, які визначено "
+"параметрами <quote>username</quote> і <quote>password</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
-msgstr ""
+msgstr "header"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
 "configuration options."
 msgstr ""
+"Виконати розпізнавання за допомогою значення заголовка HTTP, як його "
+"визначено у параметрах налаштування <quote>auth_header_name</quote> і "
+"<quote>auth_header_value</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
-#, fuzzy
-#| msgid "ldap_user_name (string)"
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
-msgstr "ldap_user_name (рядок)"
+msgstr "auth_header_name (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
 "configuration option."
 msgstr ""
+"Якщо встановлено, відповідач реєстраційних даних додаватиме заголовок із "
+"цією назвою до запиту HTTP разом із значенням, яке визначається параметром "
+"налаштування <quote>auth_header_value</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
-msgstr ""
+msgstr "Приклад: MYSECRETNAME"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
-#, fuzzy
-#| msgid "ldap_autofs_entry_value (string)"
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
-msgstr "ldap_autofs_entry_value (рядок)"
+msgstr "auth_header_value (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
+"Значення, яке sssd-secrets має використовувати для <quote>auth_header_name</"
+"quote>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
-#, fuzzy
-#| msgid "Example:"
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
-msgstr "Приклад:"
+msgstr "Приклад: mysecret"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
-#, fuzzy
-#| msgid "override_homedir (string)"
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
-msgstr "override_homedir (рядок)"
+msgstr "forward_headers (список рядків)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
+"Список заголовків HTTP, які слід переспрямувати до сервера Custodia разом із "
+"запитом."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
-#, fuzzy
-#| msgid "try_inotify (boolean)"
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
-msgstr "try_inotify (булеве значення)"
+msgstr "verify_peer (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
+"Визначає, чи слід перевіряти сертифікат вузла і чи слід вважати його чинним, "
+"якщо для засобу надання даних проксі використано протокол HTTPS."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
-#, fuzzy
-#| msgid "try_inotify (boolean)"
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
-msgstr "try_inotify (булеве значення)"
+msgstr "verify_host (булеве значення)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
+"Визначає, чи має назва вузла збігатися із назвою вузла у його сертифікаті, "
+"якщо для засобу надання даних проксі використано протокол HTTPS."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
-#, fuzzy
-#| msgid "krb5_confd_path (string)"
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
-msgstr "krb5_confd_path (рядок)"
+msgstr "capath (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
+"Шлях до каталогу, у якому зберігаються сертифікати служб сертифікації. Якщо "
+"для цього параметра не встановлено значення, використовуватиметься "
+"загальносистемний типовий шлях."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
-#, fuzzy
-#| msgid "user (string)"
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
-msgstr "user (рядок)"
+msgstr "cacert (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
 "quote>."
 msgstr ""
+"Шлях до файла, у якому міститься сертифікат служби сертифікації сервера. "
+"Якщо для цього параметра не встановлено значення, програма шукатиме "
+"сертифікат CA у <quote>capath</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
-#, fuzzy
-#| msgid "user (string)"
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
-msgstr "user (рядок)"
+msgstr "cert (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
 "set with <quote>key</quote>."
 msgstr ""
+"Шлях до файла, що містить клієнтський сертифікат, якщо такий потрібен для "
+"сервера. Цей файл може також містити закритий ключ. Закритий ключ можна "
+"також зберігати у файлі, назву якого встановлено за допомогою параметра "
+"<quote>key</quote>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
-#, fuzzy
-#| msgid "user (string)"
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
-msgstr "user (рядок)"
+msgstr "key (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
-#, fuzzy
-#| msgid "Specifies the file that contains the client's key."
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
-msgstr "Визначає файл, у якому міститься ключ клієнта."
+msgstr "Шлях до файла, у якому міститься закритий ключ клієнта."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
-msgstr ""
+msgstr "КОРИСТУВАННЯ API REST"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -15593,21 +16370,35 @@ msgid ""
 "with one Content Type and retrieve with another.  The secret URI must begin "
 "with <filename>/secrets/</filename>."
 msgstr ""
+"У цьому розділі наведено список доступних команд та приклади користування із "
+"використанням програми <citerefentry> <refentrytitle>curl</refentrytitle> "
+"<manvolnum>1</manvolnum> </citerefentry>. Усі запити до засобу надання даних "
+"проксі мають встановлювати для заголовка Content Type значення "
+"<quote>application/json</quote>. Крім того, для локального засобу надання "
+"даних передбачено підтримку встановлення для Content Type значення "
+"<quote>application/octet-stream</quote>. Реєстраційні дані, збережені із "
+"запитами, де встановлено значення заголовка Content Type <quote>application/"
+"octet-stream</quote>, є даними у кодуванні base64 у сховищі, які "
+"розшифровуються під час отримання, тому не можна зберігати реєстраційні дані "
+"із одним значенням Content Type і отримувати з іншим. Адреса реєстраційних "
+"даних має починатися з <filename>/secrets/</filename>."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
-msgstr ""
+msgstr "Отримання списку реєстраційних даних"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
+"Щоб отримати список доступних реєстраційних даних, надішліть запит HTTP GET "
+"із кінцевою навскісною рискою у шляху до контейнера."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -15615,21 +16406,28 @@ msgid ""
 "     -XGET http://localhost/secrets/\n"
 "                        "
 msgstr ""
+"curl -H \"Content-Type: application/json\" \\\n"
+"     --unix-socket /var/run/secrets.socket \\\n"
+"     -XGET http://localhost/secrets/\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
-msgstr ""
+msgstr "Отримання реєстраційних даних"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
+"Щоб прочитати значення окремого запису реєстраційних даних, надішліть запит "
+"HTTP GET без кінцевої навскісної риски. Остання частина адреси вважатиметься "
+"назвою запису реєстраційних даних."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -15637,9 +16435,13 @@ msgid ""
 "     -XGET http://localhost/secrets/foo\n"
 "                        "
 msgstr ""
+"curl -H \"Content-Type: application/json\" \\\n"
+"     --unix-socket /var/run/secrets.socket \\\n"
+"     -XGET http://localhost/secrets/foo\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -15647,39 +16449,51 @@ msgid ""
 "     -XGET http://localhost/secrets/bar\n"
 "                        "
 msgstr ""
+"curl -H \"Content-Type: application/octet-stream\" \\\n"
+"     --unix-socket /var/run/secrets.socket \\\n"
+"     -XGET http://localhost/secrets/bar\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
-#, fuzzy
-#| msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
-msgstr "Приклад: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+"Приклади: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
+"\"programlisting\" id=\"1\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
-msgstr ""
+msgstr "Встановлення реєстраційних даних"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
 "should be set to \"simple\" and the value should be set to the secret value. "
 "If a secret with that name already exists, the response is a 409 HTTP error."
 msgstr ""
+"Щоб встановити запис реєстраційних даних з використанням типу "
+"<quote>application/json</quote>, надішліть запит HTTP PUT із даними JSON, "
+"які включатимуть тип і значення. Тип (type) має бути встановлено у значення "
+"\"simple\", а значення (value) має містити дані реєстраційного запису. Якщо "
+"запис із вказаною назвою вже існує, відповіддю буде повідомлення про помилку "
+"409 HTTP."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
+"Тип <quote>application/json</quote> просто надсилає реєстраційний ключ як "
+"вміст повідомлення."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -15688,9 +16502,14 @@ msgid ""
 "     -d'{\"type\":\"simple\",\"value\":\"foosecret\"}'\n"
 "                        "
 msgstr ""
+"curl -H \"Content-Type: application/json\" \\\n"
+"     --unix-socket /var/run/secrets.socket \\\n"
+"     -XPUT http://localhost/secrets/foo \\\n"
+"     -d'{\"type\":\"simple\",\"value\":\"foosecret\"}'\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -15699,33 +16518,45 @@ msgid ""
 "     -d'barsecret'\n"
 "                        "
 msgstr ""
+"curl -H \"Content-Type: application/octet-stream\" \\\n"
+"     --unix-socket /var/run/secrets.socket \\\n"
+"     -XPUT http://localhost/secrets/bar \\\n"
+"     -d'barsecret'\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
 "Type.  <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
 msgstr ""
+"У наведеному нижче прикладі ми встановлюємо для реєстраційних даних із "
+"назвою «foo» значення «foosecret», а для реєстраційних даних із назвою «bar» "
+"— значення «barsecret», використовуючи різні значення Content Type.  "
+"<placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
+"\"programlisting\" id=\"1\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
-#, fuzzy
-#| msgid "Default: nsContainer"
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
-msgstr "Типове значення: nsContainer"
+msgstr "Створення контейнера"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
 "container name. Please note the URI must end with a trailing slash."
 msgstr ""
+"Контейнери надають додатковий простір назв для реєстраційних даних цього "
+"користувача. Для створення контейнера надішліть запит HTTP POST, чи я адреса "
+"завершуватиметься назвою контейнера. Будь ласка, зауважте, що адреса має "
+"завершуватися символом навскісної риски."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -15733,52 +16564,56 @@ msgid ""
 "     -XPOST http://localhost/secrets/mycontainer/\n"
 "                        "
 msgstr ""
+"curl -H \"Content-Type: application/json\" \\\n"
+"     --unix-socket /var/run/secrets.socket \\\n"
+"     -XPOST http://localhost/secrets/mycontainer/\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
-#, fuzzy
-#| msgid ""
-#| "The following example shows a minimal idmapd.conf which makes use of the "
-#| "sss plugin.  <placeholder type=\"programlisting\" id=\"0\"/>"
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"У наведеному нижче прикладі показано мінімальний вигляд idmapd.conf, де "
-"використовується додаток sss.  <placeholder type=\"programlisting\" id=\"0\"/"
-">"
+"У наступному прикладі створюємо контейнер із назвою «mycontainer»: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
 "                        "
 msgstr ""
+"http://localhost/secrets/mycontainer/mysecret\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
+"Щоб працювати із записами реєстраційних даних у цьому контейнері, просто "
+"вкладіть записи реєстраційних даних до шляху контейнера: <placeholder type="
+"\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
-#, fuzzy
-#| msgid "delete a user account"
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
-msgstr "вилучення облікового запису користувача"
+msgstr "Вилучення реєстраційних даних або контейнера"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
+"Щоб вилучити запис реєстраційних даних або контейнер, надішліть запит HTTP "
+"DELETE із шляхом до запису реєстраційних даних або до контейнера."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -15786,35 +16621,39 @@ msgid ""
 "     -XDELETE http://localhost/secrets/foo\n"
 "                        "
 msgstr ""
+"curl -H \"Content-Type: application/json\" \\\n"
+"     --unix-socket /var/run/secrets.socket \\\n"
+"     -XDELETE http://localhost/secrets/foo\n"
+"                        "
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
-#, fuzzy
-#| msgid ""
-#| "The following expansions are supported: <placeholder type=\"variablelist"
-#| "\" id=\"0\"/>"
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 msgstr ""
-"Передбачено використання таких замінників: <placeholder type=\"variablelist"
-"\" id=\"0\"/>"
+"У наведеному нижче прикладі ми вилучимо реєстраційні дані для запису «foo».  "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
-msgstr ""
+msgstr "ПРИКЛАД НАЛАШТОВУВАННЯ МОДУЛІВ НАДАННЯ ДАНИХ CUSTODIA І ПРОКСІ"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
 "configuration directives might change with different Custodia versions."
 msgstr ""
+"Для тестування засобу надання даних «proxy» вам слід налаштувати проксі-"
+"передавання на сервер Custodia. Будь ласка, завжди користуйтеся "
+"документацією до Custodia, оскільки інструкції налаштовування у різних "
+"версіях Custodia можуть бути різними."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -15842,9 +16681,33 @@ msgid ""
 "store = simple\n"
 "            "
 msgstr ""
+"[global]\n"
+"server_version = \"Secret/0.0.7\"\n"
+"server_url = http://localhost:8080/\n"
+"auditlog = /var/log/custodia.log\n"
+"debug = True\n"
+"\n"
+"[store:simple]\n"
+"handler = custodia.store.sqlite.SqliteStore\n"
+"dburi = /var/lib/custodia.db\n"
+"table = secrets\n"
+"\n"
+"[auth:header]\n"
+"handler = custodia.httpd.authenticators.SimpleHeaderAuth\n"
+"header = MYSECRETNAME\n"
+"value = mysecretkey\n"
+"\n"
+"[authz:paths]\n"
+"handler = custodia.httpd.authorizers.SimplePathAuthz\n"
+"paths = /secrets\n"
+"\n"
+"[/]\n"
+"handler = custodia.root.Root\n"
+"store = simple\n"
+"            "
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -15852,16 +16715,24 @@ msgid ""
 "into a file (for example, <replaceable>custodia.conf</replaceable>): "
 "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
+"Ці налаштування визначають для сервера Custodia адресу очікування даних "
+"http://localhost:8080, дозволяють будь-кому із заголовком із назвою "
+"MYSECRETNAME, який встановлено у значення mysecretkey, обмін даними із "
+"сервером Custodia. Запишіть ці дані до файла (наприклад, "
+"<replaceable>custodia.conf</replaceable>): <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
+"Далі, віддайте команду <replaceable>custodia</replaceable>, вказавши файл "
+"налаштувань у параметрі командного рядка."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -15870,9 +16741,16 @@ msgid ""
 "requests to Custodia, but all other user's requests would be handled by a "
 "local provider."
 msgstr ""
+"Будь ласка, зверніть увагу на те, що у поточній версії неможливо на "
+"загальному рівні переспрямовувати усі запити до екземпляра Custodia. Замість "
+"цього слід визначати підрозділи для окремих ідентифікаторів користувачів, "
+"які переспрямовуватимуть запити до Custodia. У наведеному нижче прикладі "
+"проілюстровано конфігурацію, за якої запити користувача із UID 123 "
+"переспрямовуватимуться до Custodia, а запити усіх інших користувачів "
+"оброблятимуться локальним засобом надання даних."
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -15885,20 +16763,109 @@ msgid ""
 "auth_header_value = mysecretkey\n"
 "        "
 msgstr ""
+"[secrets]\n"
+"\n"
+"[secrets/users/123]\n"
+"provider = proxy\n"
+"proxy_url = http://localhost:8080/secrets/\n"
+"auth_type = header\n"
+"auth_header_name = MYSECRETNAME\n"
+"auth_header_value = mysecretkey\n"
+"        "
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
 #, fuzzy
-#| msgid "sssd-krb5"
+#| msgid "Configuring sudo to cooperate with SSSD"
+msgid "Configuring session recording with SSSD"
+msgstr "Налаштовування sudo на співпрацю з SSSD"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of the simple access-control "
+#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
+#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
+#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> manual page."
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+"На цій сторінці довідника описано налаштування простого засобу керування "
+"доступом для <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис "
+"налаштування, зверніться до розділу «ФОРМАТ ФАЙЛА» сторінки довідника "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+#, fuzzy
+#| msgid "These options can be used to configure the PAC responder."
+msgid "These options can be used to configure the session recording."
+msgstr ""
+"Цими параметрами можна скористатися для налаштовування відповідача PAC."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
 msgid "sssd-kcm"
-msgstr "sssd-krb5"
+msgstr "sssd-kcm"
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sssd-kcm.8.xml:17
-#, fuzzy
-#| msgid "SSSD Kerberos provider"
 msgid "SSSD Kerberos Cache Manager"
-msgstr "Модуль надання даних Kerberos SSSD"
+msgstr "Керування кешем Kerberos SSSD"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:23
@@ -15909,6 +16876,12 @@ msgid ""
 "the MIT Kerberos library also provides client side (more details on that "
 "below) support for the KCM credential cache."
 msgstr ""
+"На цій сторінці підручника описано налаштування засобу керування кешем "
+"Kerberos SSSD (Kerberos Cache Manager або KCM). KCM є процесом, який "
+"зберігає, стежить і керує кешем реєстраційних даних Kerberos. Ідея створення "
+"засобу походить із проекту Heimdal Kerberos, хоча у бібліотеці Kerberos MIT "
+"також надається підтримка з боку клієнта для кешу реєстраційних даних KCM "
+"(докладніше про це нижче)."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:31
@@ -15920,6 +16893,12 @@ msgid ""
 "being referred to as a <quote>\"KCM server\"</quote>. The client and server "
 "communicate over a UNIX socket."
 msgstr ""
+"У конфігураціях, де кешем Kerberos керує KCM, бібліотека Kerberos (типово "
+"використовується за допомогою якоїсь програми, наприклад <citerefentry> "
+"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </"
+"citerefentry>) є <quote>клієнтом KCM</quote>, а фонова служба KCM вважається "
+"<quote>сервером KCM</quote>. Клієнт і сервер обмінюються даними за допомогою "
+"сокета UNIX."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:42
@@ -15928,11 +16907,14 @@ msgid ""
 "access check control based on the UID and GID of the KCM client. The root "
 "user has access to all credential caches."
 msgstr ""
+"Сервер KCM стежити за кожним власником кешу реєстраційних даних і виконує "
+"перевірку прав доступу на основі UID і GID клієнта KCM. Користувач root має "
+"доступ до усіх кешів реєстраційних даних."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:47
 msgid "The KCM credential cache has several interesting properties:"
-msgstr ""
+msgstr "Кеш реєстраційних даних KCM має декілька цікавих властивостей:"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-kcm.8.xml:51
@@ -15940,6 +16922,8 @@ msgid ""
 "since the process runs in userspace, it is subject to UID namespacing, "
 "unlike the kernel keyring"
 msgstr ""
+"оскільки процес виконується у просторі користувача, він підлягає обмеженням "
+"за простором назв UID, на відміну від набору ключів ядра"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-kcm.8.xml:56
@@ -15948,24 +16932,21 @@ msgid ""
 "containers, the KCM server is a separate process whose entry point is a UNIX "
 "socket"
 msgstr ""
+"на відміну від кешу на основі наборів ключів ядра, який є спільним для усіх "
+"контейнерів, сервер KCM є окремим процесом, чия точка входу є сокетом UNIX"
 
 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 #: sssd-kcm.8.xml:61
-#, fuzzy
-#| msgid ""
-#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> for more information on configuring Kerberos."
 msgid ""
 "the SSSD implementation stores the ccaches in the SSSD <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </"
 "citerefentry> secrets store, allowing the ccaches to survive KCM server "
 "restarts or machine reboots."
 msgstr ""
-"<quote>krb5</quote> — вбудоване розпізнавання Kerberos. Докладніші відомості "
-"щодо налаштовування Kerberos викладено у довіднику з <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum></manvolnum> </"
-"citerefentry>."
+"реалізація у SSSD зберігає ccache-і у сховищі реєстраційних даних "
+"<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry> SSSD, що надає змогу ccache-ам переживати "
+"перезапуски сервера KCM та перезавантаження комп'ютера."
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:69
@@ -15974,11 +16955,15 @@ msgid ""
 "the credential cache between some or no containers by bind-mounting the "
 "socket."
 msgstr ""
+"Це надає змогу системі використовувати кеш реєстраційних даних із "
+"врахуванням збірок, одночасно надаючи спільний доступ до кешу реєстраційних "
+"даних для декількох контейнерів або без контейнерів взагалі шляхом "
+"прив'язування-монтування сокета."
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-kcm.8.xml:76
 msgid "USING THE KCM CREDENTIAL CACHE"
-msgstr ""
+msgstr "КОРИСТУВАННЯ КЕШЕМ РЕЄСТРАЦІЙНИХ ДАНИХ KCM"
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-kcm.8.xml:86
@@ -15988,16 +16973,12 @@ msgid ""
 "    default_ccache_name = KCM:\n"
 "            "
 msgstr ""
+"[libdefaults]\n"
+"    default_ccache_name = KCM:\n"
+"            "
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:78
-#, fuzzy
-#| msgid ""
-#| "If the auth-module krb5 is used in an SSSD domain, the following options "
-#| "must be used. See the <citerefentry> <refentrytitle>sssd.conf</"
-#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, "
-#| "section <quote>DOMAIN SECTIONS</quote>, for details on the configuration "
-#| "of an SSSD domain.  <placeholder type=\"variablelist\" id=\"0\"/>"
 msgid ""
 "In order to use KCM credential cache, it must be selected as the default "
 "credential type in <citerefentry> <refentrytitle>krb5.conf</"
@@ -16005,21 +16986,14 @@ msgid ""
 "cache name must be only <quote>KCM:</quote> without any template "
 "expansions.  For example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
-"Якщо у домені SSSD використано auth-module krb5, має бути використано "
-"вказані нижче параметри. Зверніться до сторінки довідника (man) "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>, розділ «РОЗДІЛИ ДОМЕНІВ», щоб дізнатися більше "
-"про налаштування домену SSSD. <placeholder type=\"variablelist\" id=\"0\"/>"
+"Для використання кешу реєстраційних даних KCM його слід вибрати стандартним "
+"типом реєстраційних даних у <citerefentry> <refentrytitle>krb5.conf</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>. Назвою кешу "
+"реєстраційних даних має бути лише <quote>KCM:</quote> без будь-яких "
+"розширень шаблонами. Приклад: <placeholder type=\"programlisting\" id=\"0\"/>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:91
-#, fuzzy
-#| msgid ""
-#| "Specifies if the SSSD should instruct the Kerberos libraries what realm "
-#| "and which KDCs to use. This option is on by default, if you disable it, "
-#| "you need to configure the Kerberos library using the <citerefentry> "
-#| "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry> configuration file."
 msgid ""
 "Next, make sure the Kerberos client libraries and the KCM server must agree "
 "on the UNIX socket path. By default, both use the same path <replaceable>/"
@@ -16028,21 +17002,31 @@ msgid ""
 "the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</"
 "manvolnum> </citerefentry> manual page."
 msgstr ""
-"Визначає, чи слід SSSD вказувати бібліотекам Kerberos, яку область і які "
-"значення KDC слід використовувати. Типово, дію параметра увімкнено. Якщо ви "
-"вимкнете його, вам слід налаштувати бібліотеку Kerberos за допомогою файла "
-"налаштувань <citerefentry> <refentrytitle>krb5.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry>."
+"Далі, слід визначити однаковий шлях до сокета UNIX для клієнтських бібліотек "
+"Kerberos і сервера KCM. Типово, у обох випадках використовується однаковий "
+"шлях <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>. Для "
+"налаштовування бібліотеки Kerberos змініть значення її параметра "
+"<quote>kcm_socket</quote>, як це описано на сторінці підручника "
+"<citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 #: sssd-kcm.8.xml:113
-#, no-wrap
+#, fuzzy, no-wrap
+#| msgid ""
+#| "systemctl start sssd-kcm.socket\n"
+#| "systemctl enable sssd-kcm.socket\n"
+#| "systemctl enable sssd-kcm.service\n"
+#| "            "
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
+"systemctl start sssd-kcm.socket\n"
+"systemctl enable sssd-kcm.socket\n"
+"systemctl enable sssd-kcm.service\n"
+"            "
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sssd-kcm.8.xml:102
@@ -16055,14 +17039,40 @@ msgid ""
 "id=\"0\"/> Please note your distribution may already configure the units for "
 "you."
 msgstr ""
+"Нарешті, переконайтеся, що з сервером KCM SSSD можна встановити зв'язок. "
+"Типово, служба KCM вмикається за допомогою сокета з <citerefentry> "
+"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry>. На відміну від інших служб SSSD, її не можна запустити "
+"додаванням рядка <quote>kcm</quote> до інструкції <quote>service</quote>.  "
+"<placeholder type=\"programlisting\" id=\"0\"/> Будь ласка, зауважте, що "
+"відповідні налаштування модулів вже могло бути виконано засобами вашого "
+"дистрибутива."
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
+msgstr "СХОВИЩЕ КЕШУ РЕЄСТРАЦІЙНИХ ДАНИХ"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, fuzzy, no-wrap
+#| msgid ""
+#| "systemctl start sssd-secrets.socket\n"
+#| "systemctl enable sssd-secrets.socket\n"
+#| "systemctl enable sssd-secrets.service\n"
+#| "            "
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
 msgstr ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.service\n"
+"            "
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -16071,17 +17081,16 @@ msgid ""
 "<placeholder type=\"programlisting\" id=\"0\"/> Your distribution should "
 "already set the dependencies between the services."
 msgstr ""
+"Кеші реєстраційних даних зберігаються у сховищі служби реєстраційних даних "
+"SSSD (докладніший опис наведено на сторінці підручника <citerefentry> "
+"<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>). Тому важливо, щоб було увімкнено службу sssd-secrets, а її "
+"сокет був доступним: <placeholder type=\"programlisting\" id=\"0\"/> "
+"Відповідні залежності між цими службами вже мало бути встановлено засобами "
+"вашого дистрибутива."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
-#, fuzzy
-#| msgid ""
-#| "This manual page describes the configuration of the simple access-control "
-#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry>.  For a detailed syntax "
-#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page."
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -16092,22 +17101,18 @@ msgid ""
 "<quote>FILE FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd."
 "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
 msgstr ""
-"На цій сторінці довідника описано налаштування простого засобу керування "
-"доступом для <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис "
-"налаштування, зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>."
+"Налаштовування служби KCM виконується за допомогою розділу <quote>kcm</"
+"quote> файла sssd.conf. Будь ласка, зауважте, що у поточній версії для "
+"застосування налаштувань перезапуску служби sssd-kcm недостатньо, оскільки "
+"обробка і читання налаштувань sssd до внутрішньої бази даних налаштувань "
+"виконується лише самою службою sssd. Тому вам слід перезапустити вашу службу "
+"sssd, якщо ви щось змінили у розділі <quote>kcm</quote> файла sssd.conf. "
+"Докладний опис синтаксису файла налаштувань наведено у розділі <quote>ФОРМАТ "
+"ФАЙЛА</quote> сторінки підручника <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
-#, fuzzy
-#| msgid ""
-#| "NOTE: Must be used in conjunction with the <quote>pam_trusted_users</"
-#| "quote> and <quote>pam_public_domains</quote> options.  Please see the "
-#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> manual page for more information on these two "
-#| "PAM responder options."
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -16115,44 +17120,440 @@ msgid ""
 "manvolnum> </citerefentry> manual page for a complete list. In addition, "
 "there are some KCM-specific options as well."
 msgstr ""
-"Зауваження: слід використовувати разом із параметрами «pam_trusted_users» і "
-"«pam_public_domains». Будь ласка, ознайомтеся із сторінкою підручника "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>, щоб дізнатися більше про ці два параметри "
-"відповідача PAM."
+"Службі kcm можна передавати типові параметри служби SSSD, зокрема "
+"<quote>debug_level</quote> та <quote>fd_limit</quote> Із повним списком "
+"параметрів можна ознайомитися на сторінці підручника <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>. Крім того, передбачено декілька специфічних для KCM "
+"параметрів."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
-#, fuzzy
-#| msgid "skel_dir (string)"
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
-msgstr "skel_dir (рядок)"
+msgstr "socket_path (рядок)"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
-msgstr ""
+msgstr "Сокет, на якому очікуватиме на з'єднання служба KCM."
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
+"Типове значення: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
-#, fuzzy
-#| msgid ""
-#| "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</"
-#| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</"
-#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>"
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry>"
+"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+#, fuzzy
+#| msgid "sssd-simple"
+msgid "sssd-systemtap"
+msgstr "sssd-simple"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+#, fuzzy
+#| msgid ""
+#| "The detailed instructions for configuration of sudo_provider are in the "
+#| "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry>."
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+"Докладні настанов щодо налаштовування sudo_provider можна знайти на сторінці "
+"довідника (man) <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+#, fuzzy
+#| msgid "realm name"
+msgid "probe $name"
+msgstr "назва області"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+#, fuzzy
+#| msgid "ldap_search_base,"
+msgid "probe sdap_search_send"
+msgstr "ldap_search_base,"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+#, fuzzy
+#| msgid "ldap_search_base,"
+msgid "probe sdap_search_recv"
+msgstr "ldap_search_base,"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, fuzzy, no-wrap
+#| msgid ""
+#| "fallback_homedir = /home/%u\n"
+#| "                            "
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+"fallback_homedir = /home/%u\n"
+"                            "
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
 
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
@@ -16241,16 +17642,12 @@ msgstr ""
 
 #. type: Content of: <refentryinfo>
 #: include/upstream.xml:2
-#, fuzzy
-#| msgid ""
-#| "<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-#| "fedorahosted.org/sssd</orgname>"
 msgid ""
 "<productname>SSSD</productname> <orgname>The SSSD upstream - https://pagure."
 "io/SSSD/sssd/</orgname>"
 msgstr ""
 "<productname>SSSD</productname> <orgname>Основна гілка розробки SSSD — "
-"http://fedorahosted.org/sssd</orgname>"
+"https://pagure.io/SSSD/sssd/</orgname>"
 
 #. type: Content of: outside any tag (error?)
 #: include/upstream.xml:1
@@ -16359,6 +17756,83 @@ msgstr ""
 "Якщо список комп’ютерів буде вичерпано, основний модуль перейде у режим "
 "автономної роботи і повторюватиме спроби з’єднання кожні 30 секунд."
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_op_timeout"
+msgstr "dns_resolver_timeout (ціле число)"
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_timeout"
+msgstr "dns_resolver_timeout (ціле число)"
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+#, fuzzy
+#| msgid ""
+#| "All of the common configuration options that apply to SSSD domains also "
+#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
+#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
+#| "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+"Всі загальні параметри налаштування, які стосуються доменів SSSD, також "
+"стосуються і доменів LDAP. Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки "
+"підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше.  "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -16543,18 +18017,13 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
 #: include/ldap_id_mapping.xml:111
-#, fuzzy
-#| msgid ""
-#| "The default configuration results in configuring 10,000 slices, each "
-#| "capable of holding up to 200,000 IDs, starting from 10,001 and going up "
-#| "to 2,000,100,000. This should be sufficient for most deployments."
 msgid ""
 "The default configuration results in configuring 10,000 slices, each capable "
 "of holding up to 200,000 IDs, starting from 200,000 and going up to "
 "2,000,200,000. This should be sufficient for most deployments."
 msgstr ""
 "За типових налаштувань буде створено 10000 зрізів, кожен з яких може містити "
-"до 200000 ідентифікаторів, починаючи з 10001 і аж до 2000100000. Цього має "
+"до 200000 ідентифікаторів, починаючи з 2000000 і аж до 2000200000. Цього має "
 "вистачити для більшості розгорнутих середовищ."
 
 #. type: Content of: <refsect1><refsect2><refsect3><title>
@@ -16662,11 +18131,6 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
 #: include/ldap_id_mapping.xml:179
-#, fuzzy
-#| msgid ""
-#| "For example, if your most recently-added Active Directory user has "
-#| "objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-#| "<quote>ldap_idmap_range_size</quote> must be at least 1107."
 msgid ""
 "For example, if your most recently-added Active Directory user has "
 "objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
@@ -16675,7 +18139,9 @@ msgid ""
 msgstr ""
 "Приклад: якщо найсвіжішим доданим користувачем Active Directory є користувач "
 "з objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"«ldap_idmap_range_size» повинне мати значення, яке є не меншим за 1107."
+"«ldap_idmap_range_size» повинне мати значення, яке є не меншим за 1108, "
+"оскільки розмір діапазону дорівнює максимальному SID мінус мінімальний SID "
+"плюс 1. (Наприклад, 1108 = 1107 - 0 + 1)."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
 #: include/ldap_id_mapping.xml:186
@@ -16756,10 +18222,8 @@ msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
 #: include/ldap_id_mapping.xml:249
-#, fuzzy
-#| msgid "ldap_idmap_range_size (integer)"
 msgid "ldap_idmap_helper_table_size (integer)"
-msgstr "ldap_idmap_range_size (ціле число)"
+msgstr "ldap_idmap_helper_table_size (ціле число)"
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
 #: include/ldap_id_mapping.xml:252
@@ -16767,6 +18231,8 @@ msgid ""
 "Maximal number of secondary slices that is tried when performing mapping "
 "from UNIX id to SID."
 msgstr ""
+"Максимальна кількість вторинних зрізів, яку можна використовувати під час "
+"виконання прив'язки ідентифікатора UNIX до SID."
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
 #: include/ldap_id_mapping.xml:256
@@ -16776,6 +18242,11 @@ msgid ""
 "generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
 "then no additional secondary slices are generated."
 msgstr ""
+"Зауваження: під час прив'язування SID до ідентифікатора UNIX може бути "
+"створено додаткові вторинні зрізи, якщо частини RID SID перебувають поза "
+"межами діапазону вже створених вторинних зрізів. Якщо значенням "
+"ldap_idmap_helper_table_size буде 0, додаткові вторинні зрізи не "
+"створюватимуться."
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ldap_id_mapping.xml:273
@@ -16945,11 +18416,6 @@ msgstr ""
 
 #. type: Content of: <listitem><para>
 #: include/debug_levels.xml:38 include/debug_levels_tools.xml:19
-#, fuzzy
-#| msgid ""
-#| "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. "
-#| "An error that doesn't kill the SSSD, but one that indicates that at least "
-#| "one major feature is not going to work properly."
 msgid ""
 "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
 "error that doesn't kill SSSD, but one that indicates that at least one major "
@@ -17073,17 +18539,13 @@ msgstr "<emphasis>Типове значення</emphasis>: 0"
 
 #. type: Content of: outside any tag (error?)
 #: include/experimental.xml:1
-#, fuzzy
-#| msgid ""
-#| "<emphasis> This is an experimental feature, please use http://"
-#| "fedorahosted.org/sssd to report any issues.  </emphasis>"
 msgid ""
 "<emphasis> This is an experimental feature, please use https://pagure.io/"
 "SSSD/sssd/ to report any issues.  </emphasis>"
 msgstr ""
-"<emphasis> Цю можливість ще не перевірено достатнім чином. Будь ласка, якщо "
+"<emphasis> Цю можливість ще не перевірено достатнім чином Будь ласка, якщо "
 "помітите якісь вади, повідомте про них за допомогою настанов на сторінці "
-"http://fedorahosted.org/sssd.  </emphasis>"
+"https://pagure.io/SSSD/sssd/.  </emphasis>"
 
 #. type: Content of: <refsect1><title>
 #: include/local.xml:2
@@ -17136,27 +18598,29 @@ msgstr ""
 #| "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
 #| "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
 #| "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
-#| "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+#| "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> "
+#| "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry>, </phrase> <citerefentry> "
+#| "<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+#| "<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+#| "<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+#| "<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-#| "citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+#| "<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#| "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-#| "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> "
-#| "<citerefentry> <refentrytitle>sss_ssh_authorizedkeys</refentrytitle> "
-#| "<manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+#| "\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 #| "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 #| "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 #| "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
@@ -17179,34 +18643,37 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
@@ -17220,6 +18687,8 @@ msgstr ""
 "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
 "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
+"<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
@@ -17341,12 +18810,12 @@ msgstr "ім’я користувача повністю (користувач@
 #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
 #: include/override_homedir.xml:27
 msgid "%l"
-msgstr ""
+msgstr "%l"
 
 #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: include/override_homedir.xml:28
 msgid "The first letter of the login name."
-msgstr ""
+msgstr "Перша літера назви облікового запису."
 
 #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 #: include/override_homedir.xml:32
@@ -17434,10 +18903,8 @@ msgstr "Типове значення: /home"
 
 #. type: Content of: <refsect1><title>
 #: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2
-#, fuzzy
-#| msgid "GENERAL OPTIONS"
 msgid "MODIFIED DEFAULT OPTIONS"
-msgstr "ЗАГАЛЬНІ ПАРАМЕТРИ"
+msgstr "ЗМІНЕНІ ТИПОВІ ПАРАМЕТРИ"
 
 #. type: Content of: <refsect1><para>
 #: include/ad_modified_defaults.xml:4
@@ -17446,83 +18913,65 @@ msgid ""
 "defaults, these option names and AD provider-specific defaults are listed "
 "below:"
 msgstr ""
+"Деякі типові значення параметрів не збігаються із типовими значеннями "
+"параметрів засобу надання даних. Із назвами відповідних параметрів та "
+"специфічні для засобу надання даних AD значення цих параметрів можна "
+"ознайомитися за допомогою наведеного нижче списку:"
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9
-#, fuzzy
-#| msgid "SSSD IPA provider"
 msgid "KRB5 Provider"
-msgstr "Модуль надання даних IPA SSSD"
+msgstr "Модуль надання даних KRB5"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13
-#, fuzzy
-#| msgid "krb5_validate (boolean)"
 msgid "krb5_validate = true"
-msgstr "krb5_validate (булеве значення)"
+msgstr "krb5_validate = true"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:18
-#, fuzzy
-#| msgid "krb5_use_enterprise_principal (boolean)"
 msgid "krb5_use_enterprise_principal = true"
-msgstr "krb5_use_enterprise_principal (булеве значення)"
+msgstr "krb5_use_enterprise_principal = true"
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ad_modified_defaults.xml:24
-#, fuzzy
-#| msgid "SSSD LDAP provider"
 msgid "LDAP Provider"
-msgstr "Модуль надання даних LDAP SSSD"
+msgstr "Модуль надання даних LDAP"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:28
-#, fuzzy
-#| msgid "ldap_schema (string)"
 msgid "ldap_schema = ad"
-msgstr "ldap_schema (рядок)"
+msgstr "ldap_schema = ad"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38
-#, fuzzy
-#| msgid "ldap_force_upper_case_realm (boolean)"
 msgid "ldap_force_upper_case_realm = true"
-msgstr "ldap_force_upper_case_realm (булеве значення)"
+msgstr "ldap_force_upper_case_realm = true"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:38
-#, fuzzy
-#| msgid "ldap_id_mapping (boolean)"
 msgid "ldap_id_mapping = true"
-msgstr "ldap_id_mapping (булеве значення)"
+msgstr "ldap_id_mapping = true"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:43
-#, fuzzy
-#| msgid "ldap_sasl_mech (string)"
 msgid "ldap_sasl_mech = gssapi"
-msgstr "ldap_sasl_mech (рядок)"
+msgstr "ldap_sasl_mech = gssapi"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:48
-#, fuzzy
-#| msgid "ldap_referrals (boolean)"
 msgid "ldap_referrals = false"
-msgstr "ldap_referrals (булеве значення)"
+msgstr "ldap_referrals = false"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:53
-#, fuzzy
-#| msgid "ldap_account_expire_policy (string)"
 msgid "ldap_account_expire_policy = ad"
-msgstr "ldap_account_expire_policy (рядок)"
+msgstr "ldap_account_expire_policy = ad"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58
-#, fuzzy
-#| msgid "ldap_use_tokengroups"
 msgid "ldap_use_tokengroups = true"
-msgstr "ldap_use_tokengroups"
+msgstr "ldap_use_tokengroups = true"
 
 #. type: Content of: <refsect1><para>
 #: include/ipa_modified_defaults.xml:4
@@ -17531,274 +18980,125 @@ msgid ""
 "defaults, these option names and IPA provider-specific defaults are listed "
 "below:"
 msgstr ""
+"Деякі типові значення параметрів не збігаються із типовими значеннями "
+"параметрів засобу надання даних. Із назвами відповідних параметрів та "
+"специфічні для засобу надання даних IPA значення цих параметрів можна "
+"ознайомитися за допомогою наведеного нижче списку:"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:18
-#, fuzzy
-#| msgid "krb5_use_fast (string)"
 msgid "krb5_use_fast = try"
-msgstr "krb5_use_fast (рядок)"
+msgstr "krb5_use_fast = try"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:23
-#, fuzzy
-#| msgid "krb5_canonicalize (boolean)"
 msgid "krb5_canonicalize = true"
-msgstr "krb5_canonicalize (булеве значення)"
+msgstr "krb5_canonicalize = true"
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ipa_modified_defaults.xml:29
 msgid "LDAP Provider - General"
-msgstr ""
+msgstr "Модуль надання даних LDAP — Загальне"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:33
-#, fuzzy
-#| msgid "ldap_schema (string)"
 msgid "ldap_schema = ipa_v1"
-msgstr "ldap_schema (рядок)"
+msgstr "ldap_schema = ipa_v1"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:43
-#, fuzzy
-#| msgid "ldap_sasl_mech (string)"
 msgid "ldap_sasl_mech = GSSAPI"
-msgstr "ldap_sasl_mech (рядок)"
+msgstr "ldap_sasl_mech = GSSAPI"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:48
-#, fuzzy
-#| msgid "ldap_sasl_minssf (integer)"
 msgid "ldap_sasl_minssf = 56"
-msgstr "ldap_sasl_minssf (ціле значення)"
+msgstr "ldap_sasl_minssf = 56"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:53
-#, fuzzy
-#| msgid "ldap_account_expire_policy (string)"
 msgid "ldap_account_expire_policy = ipa"
-msgstr "ldap_account_expire_policy (рядок)"
+msgstr "ldap_account_expire_policy = ipa"
 
 #. type: Content of: <refsect1><refsect2><title>
 #: include/ipa_modified_defaults.xml:64
 msgid "LDAP Provider - User options"
-msgstr ""
+msgstr "Модуль надання даних LDAP — Параметри користувачів"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:68
-#, fuzzy
-#| msgid "ldap_user_member_of (string)"
 msgid "ldap_user_member_of = memberOf"
-msgstr "ldap_user_member_of (рядок)"
+msgstr "ldap_user_member_of = memberOf"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:73
-#, fuzzy
-#| msgid "ldap_user_uuid (string)"
 msgid "ldap_user_uuid = ipaUniqueID"
-msgstr "ldap_user_uuid (рядок)"
+msgstr "ldap_user_uuid = ipaUniqueID"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:78
-#, fuzzy
-#| msgid "ldap_user_ssh_public_key"
 msgid "ldap_user_ssh_public_key = ipaSshPubKey"
-msgstr "ldap_user_ssh_public_key"
+msgstr "ldap_user_ssh_public_key = ipaSshPubKey"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
 #: include/ipa_modified_defaults.xml:83
 msgid "ldap_user_auth_type = ipaUserAuthType"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-#, fuzzy
-#| msgid "ldap_user_certificate (string)"
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr "ldap_user_certificate (рядок)"
+msgstr "ldap_user_auth_type = ipaUserAuthType"
 
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
-msgstr ""
+msgstr "Модуль надання даних LDAP — Параметри груп"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
-#, fuzzy
-#| msgid "ldap_group_object_class (string)"
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
-msgstr "ldap_group_object_class (рядок)"
+msgstr "ldap_group_object_class = ipaUserGroup"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
-#, fuzzy
-#| msgid "ldap_group_object_class (string)"
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
-msgstr "ldap_group_object_class (рядок)"
+msgstr "ldap_group_object_class_alt = posixGroup"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
-#, fuzzy
-#| msgid "ldap_group_member (string)"
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
-msgstr "ldap_group_member (рядок)"
+msgstr "ldap_group_member = member"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
-#, fuzzy
-#| msgid "ldap_group_uuid (string)"
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
-msgstr "ldap_group_uuid (рядок)"
+msgstr "ldap_group_uuid = ipaUniqueID"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
-#, fuzzy
-#| msgid "ldap_group_objectsid (string)"
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
-msgstr "ldap_group_objectsid (рядок)"
+msgstr "ldap_group_objectsid = ipaNTSecurityIdentifier"
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
-msgstr ""
+msgstr "ldap_group_external_member = ipaExternalMember"
 
-#~ msgid ""
-#~ "Comma separated list of services that are started when sssd itself starts."
+#~ msgid "Default: no set in the general case, userCertificate;binary for IPA"
 #~ msgstr ""
-#~ "Список служб, записи якого відокремлено комами, які слід запускати у разі "
-#~ "запуску sssd."
+#~ "Типове значення: не встановлено у загальному випадку, userCertificate;"
+#~ "binary для IPA"
 
 #~ msgid ""
-#~ "The user to drop the privileges to where appropriate to avoid running as "
-#~ "the root user."
+#~ "<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+#~ "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+#~ "running."
 #~ msgstr ""
-#~ "Користувач, правами доступу якого слід користуватися там, де це є "
-#~ "доречним, щоб уникнути роботи від імені користувача root."
+#~ "<command>sss_debuglevel</command> змінює рівень діагностики засобу "
+#~ "спостереження та надавачів даних SSSD на вказане значення "
+#~ "<replaceable>НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ</replaceable> під час роботи SSSD."
 
-#~ msgid "force_timeout (integer)"
-#~ msgstr "force_timeout (ціле число)"
-
-#~ msgid ""
-#~ "If a service is not responding to ping checks (see the <quote>timeout</"
-#~ "quote> option), it is first sent the SIGTERM signal that instructs it to "
-#~ "quit gracefully.  If the service does not terminate after "
-#~ "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it "
-#~ "down by sending a SIGKILL signal."
-#~ msgstr ""
-#~ "Якщо служба не відповідає на перевірки луна-імпульсом (пінгом) (див. "
-#~ "параметр <quote>timeout</quote>), система спочатку надсилає сигнал "
-#~ "SIGTERM, яким наказує службі завершити роботу у штатному режимі. Якщо "
-#~ "служба не завершить роботу протягом часу, визначено параметром "
-#~ "<quote>force_timeout</quote> у секундах, монітор примусово завершить "
-#~ "роботу служби надсиланням сигналу SIGKILL."
-
-#~ msgid ""
-#~ "Specifies the comma-separated list of UID values or user names that are "
-#~ "allowed to access the PAM responder. User names are resolved to UIDs at "
-#~ "startup."
-#~ msgstr ""
-#~ "Визначає список значень UID або імен користувачів, відокремлених "
-#~ "комами. \n"
-#~ "Користувачам з цього списку буде дозволено доступ до відповідача PAM. UID "
-#~ "за \n"
-#~ "іменами користувачів визначатимуться під час запуску."
-
-#~ msgid ""
-#~ "If user is authenticating using SSH keys and account is expired then by "
-#~ "default 'Permission denied' is output. This output will be changed to "
-#~ "content of this variable if it is set."
-#~ msgstr ""
-#~ "Якщо користувач проходить розпізнавання за допомогою ключів SSH, а строк "
-#~ "дії облікового запису вичерпано, буде виведено типове повідомлення про "
-#~ "заборону доступу («Permission denied»). Це повідомлення буде змінено на "
-#~ "вміст змінної, якщо її значення буде встановлено."
+#~ msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+#~ msgstr "<replaceable>НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ</replaceable>"
 
-#~ msgid "Default: uid"
-#~ msgstr "Типове значення: uid"
+#~ msgid "Default: 1024"
+#~ msgstr "Типове значення: 1024"
 
-#~ msgid ""
-#~ "Please note that the default values correspond to the default schema "
-#~ "which is RFC2307."
-#~ msgstr ""
-#~ "Будь ласка, зауважте, що типові значення відповідають типовій схемі, яку "
-#~ "визначено у RFC2307."
-
-#~ msgid "Default: automountMap"
-#~ msgstr "Типове значення: automountMap"
-
-#~ msgid "Default: ou"
-#~ msgstr "Типове значення: ou"
-
-#~ msgid "Default: automountInformation"
-#~ msgstr "Типове значення: automountInformation"
-
-#~ msgid "NOTE: This option currently supports only one interface."
-#~ msgstr ""
-#~ "ЗАУВАЖЕННЯ: для цього параметра у поточній версії передбачено підтримку "
-#~ "лише одного інтерфейсу."
-
-#~ msgid ""
-#~ "Verify with the help of krb5_keytab that the TGT obtained has not been "
-#~ "spoofed."
-#~ msgstr ""
-#~ "Перевірити за допомогою krb5_keytab, чи не було підмінено отриманий TGT."
-
-#~ msgid ""
-#~ "Note that this default differs from the traditional Kerberos provider "
-#~ "back end."
-#~ msgstr ""
-#~ "Зауважте, що це типове значення не збігається з типовим значенням засобу "
-#~ "модуля Kerberos."
-
-#~ msgid ""
-#~ "Specifies if the host and user principal should be canonicalized when "
-#~ "connecting to IPA LDAP and also for AS requests. This feature is "
-#~ "available with MIT Kerberos >= 1.7"
-#~ msgstr ""
-#~ "Визначає, чи слід перетворювати реєстраційний запис вузла і користувача у "
-#~ "канонічну форм під час встановлення з’єднання з LDAP IPA, а також для "
-#~ "запитів AS. Цю можливість передбачено з версії MIT Kerberos >= 1.7"
-
-#~ msgid "<emphasis>never</emphasis> use FAST."
-#~ msgstr "<emphasis>never</emphasis> — (ніколи) не використовувати FAST."
-
-#~ msgid ""
-#~ "<emphasis>try</emphasis> to use FAST. If the server does not support "
-#~ "FAST, continue the authentication without it. This is equivalent to not "
-#~ "setting this option at all."
-#~ msgstr ""
-#~ "<emphasis>try</emphasis> — (спробувати) використати FAST. Якщо на сервері "
-#~ "не передбачено підтримки FAST, продовжити спробу розпізнавання без FAST. "
-#~ "Це еквівалентно невстановленню значення цього параметра взагалі."
-
-#~ msgid "Default: try"
-#~ msgstr "Типове значення: try"
-
-#~ msgid "This option should only be set by the IPA installer."
-#~ msgstr "Цей параметр має встановлюватися лише засобом встановлення IPA."
-
-#~ msgid ""
-#~ "The option denotes that the SSSD is running on IPA server and should "
-#~ "perform lookups of users and groups from trusted domains differently."
-#~ msgstr ""
-#~ "За допомогою цього параметра можна визначити, чи працює SSSD на сервері "
-#~ "IPA і має виконувати пошуки користувачів і груп з довірених доменів "
-#~ "окремо."
-
-#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-
-#~ msgid ""
-#~ "If <quote>PubkeyAgent</quote> is supported, "
-#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-#~ "manvolnum></citerefentry> can be configured to use it by using the "
-#~ "following directive for <citerefentry> <refentrytitle>sshd</"
-#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
-#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
-#~ msgstr ""
-#~ "Якщо передбачено підтримку <quote>PubkeyAgent</quote>, "
-#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-#~ "manvolnum></citerefentry> може бути налаштовано на використання ключів за "
-#~ "допомогою такої інструкції <citerefentry> <refentrytitle>sshd</"
-#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry>: <placeholder type="
-#~ "\"programlisting\" id=\"0\"/>"
+#~ msgid "Default: 16"
+#~ msgstr "Типове значення: 16"
diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po
index c580ef8b8..da187e42d 100644
--- a/src/man/po/zh_CN.po
+++ b/src/man/po/zh_CN.po
@@ -6,9 +6,9 @@
 # Christopher Meng <cickumqt@gmail.com>, 2012
 msgid ""
 msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
 "PO-Revision-Date: 2014-12-15 12:16-0500\n"
 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
 "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/"
@@ -30,7 +30,8 @@ msgstr ""
 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
 msgid "SSSD Manual pages"
 msgstr "SSSD 手册页面"
 
@@ -72,7 +73,8 @@ msgstr ""
 #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
 msgid "DESCRIPTION"
 msgstr ""
 
@@ -87,8 +89,8 @@ msgstr ""
 #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
 msgid "OPTIONS"
 msgstr "选项"
 
@@ -136,7 +138,8 @@ msgstr "sssd.conf"
 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
 msgid "5"
 msgstr "5"
 
@@ -144,7 +147,8 @@ msgstr "5"
 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
 msgid "File Formats and Conventions"
 msgstr ""
 
@@ -295,11 +299,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
 msgid "Default: true"
 msgstr ""
 
@@ -316,17 +320,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
 #: sssd-krb5.5.xml:471
 msgid "Default: false"
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
 msgstr ""
 
@@ -349,8 +355,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
 msgid "Default: 10"
 msgstr ""
 
@@ -365,7 +371,7 @@ msgid "The [sssd] section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
 msgid "Section parameters"
 msgstr ""
 
@@ -413,19 +419,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
 msgid "reconnection_retries (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
 msgid ""
 "Number of times services should attempt to reconnect in the event of a Data "
 "Provider crash or restart before they give up"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
 msgid "Default: 3"
 msgstr "默认： 3"
 
@@ -445,7 +451,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
 msgid "re_expression (string)"
 msgstr ""
 
@@ -465,12 +471,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
 msgid "full_name_format (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
 msgid ""
 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -478,39 +484,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
 msgid "%1$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
 msgid "user name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
 msgid "%2$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
 msgid "domain name as specified in the SSSD config file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
 msgid "%3$s"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
 msgid ""
 "domain flat name. Mostly usable for Active Directory domains, both directly "
 "configured or discovered via IPA trusts."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
 msgid ""
 "The following expansions are supported: <placeholder type=\"variablelist\" "
 "id=\"0\"/>"
@@ -634,11 +640,11 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
 msgid "Default: not set"
 msgstr ""
@@ -809,8 +815,24 @@ msgid ""
 "be looked up in a random order for each parent domain."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input.  In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
 msgid "Default: Not set"
 msgstr ""
@@ -827,12 +849,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
 msgid "SERVICES SECTIONS"
 msgstr "服务部分"
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
 msgid ""
 "Settings that can be used to configure different services are described in "
 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -841,22 +863,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
 msgid "General service configuration options"
 msgstr "基本服务配置选项"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
 msgid "These options can be used to configure any service."
 msgstr "这些选项可被用于配置任何服务。"
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
 msgid "fd_limit"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
 msgid ""
 "This option specifies the maximum number of file descriptors that may be "
 "opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -866,17 +888,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
 msgid "client_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:646
 msgid ""
 "This option specifies the number of seconds that a client of an SSSD process "
 "can hold onto a file descriptor without communicating on it. This value is "
@@ -886,18 +908,18 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
 msgid "Default: 60"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
 msgid "offline_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
 msgid ""
 "When SSSD switches to offline mode the amount of time before it tries to go "
 "back online will increase based upon the time spent disconnected.  This "
@@ -905,24 +927,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
 msgid "offline_timeout + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
 msgid ""
 "The random offset can increment up to 30 seconds.  After each unsuccessful "
 "attempt to go online, the new interval is recalculated by the following:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
 msgid "new_interval = old_interval*2 + random_offset"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
 msgid ""
 "Note that the maximum length of each interval is currently limited to one "
 "hour. If the calculated length of new_interval is greater than an hour, it "
@@ -930,12 +952,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:692
 msgid "responder_idle_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
 msgid ""
 "This option specifies the number of seconds that an SSSD responder process "
 "can be up without being used. This value is limited in order to avoid "
@@ -947,58 +969,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
 #: sssd-ldap.5.xml:722
 msgid "Default: 300"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
 msgid "cache_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
 msgid ""
 "This option specifies whether the responder should query all caches before "
 "querying the Data Providers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
 msgid "NSS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
 msgid ""
 "These options can be used to configure the Name Service Switch (NSS) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
 msgid "enum_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
 msgid ""
 "How many seconds should nss_sss cache enumerations (requests for info about "
 "all users)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
 msgid "Default: 120"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
 msgid "entry_cache_nowait_percentage (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
 msgid ""
 "The entry cache can be set to automatically update entries in the background "
 "if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -1006,7 +1028,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
 msgid ""
 "For example, if the domain's entry_cache_timeout is set to 30s and "
 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1016,7 +1038,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
 msgid ""
 "Valid values for this option are 0-99 and represent a percentage of the "
 "entry_cache_timeout for each domain. For performance reasons, this "
@@ -1025,17 +1047,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones)  "
@@ -1043,34 +1065,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
 msgid "Default: 15"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:794
 msgid "local_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
+#: sssd.conf.5.xml:797
 msgid ""
 "Specifies for how many seconds nss_sss should keep local users and groups in "
 "negative cache before trying to look it up in the back end again."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
 msgid "Default: 0"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
 msgid "filter_users, filter_groups (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
+#: sssd.conf.5.xml:810
 msgid ""
 "Exclude certain users or groups from being fetched from the sss NSS "
 "database. This is particularly useful for system accounts. This option can "
@@ -1079,7 +1101,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
 msgid ""
 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 "members, since filtering happens after they are propagated for returning via "
@@ -1088,41 +1110,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
 msgid "Default: root"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
 msgid "filter_users_in_groups (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
 msgid ""
 "If you want filtered user still be group members set this option to false."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
 msgid "fallback_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
 msgid ""
 "Set a default template for a user's home directory if one is not specified "
 "explicitly by the domain's data provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
 msgid ""
 "The available values for this option are the same as for override_homedir."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
 #, no-wrap
 msgid ""
 "fallback_homedir = /home/%u\n"
@@ -1130,23 +1152,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -1154,47 +1176,47 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
 msgid "allowed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
 msgid ""
 "Restrict user shell to one of the listed values. The order of evaluation is:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
 msgid ""
 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 "quote>, use the value of the shell_fallback parameter."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
 msgid ""
 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 "shells</quote>, a nologin shell is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
 msgid "The wildcard (*) can be used to allow any shell."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
 msgid ""
 "The (*) is useful if you want to use shell_fallback in case that user's "
 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1202,105 +1224,105 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
 msgid "An empty string for shell is passed as-is to libc."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
 msgid ""
 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 "that a restart of the SSSD is required in case a new shell is installed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
 msgid "Default: Not set. The user shell is automatically used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
 msgid "vetoed_shells (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
 msgid "Replace any instance of these shells with the shell_fallback"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
 msgid "shell_fallback (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
 msgid ""
 "The default shell to use if an allowed shell is not installed on the machine."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
 msgid "Default: /bin/sh"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
 msgid "default_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
 msgid ""
 "The default shell to use if the provider does not return one during lookup. "
 "This option can be specified globally in the [nss] section or per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
 msgid ""
 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 "substitute something sensible when necessary, usually /bin/sh)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
 msgid "get_domains_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
 msgid ""
 "Specifies time in seconds for which the list of subdomains will be "
 "considered valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
 msgid "memcache_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
+#: sssd.conf.5.xml:976
 msgid ""
 "Specifies time in seconds for which records in the in-memory cache will be "
 "valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:983
 msgid ""
 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 "client applications will not use the fast in-memory cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
 msgid "user_attributes (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
 msgid ""
 "Some of the additional NSS responder requests can return more attributes "
 "than just the POSIX ones defined by the NSS interface. The list of "
@@ -1311,96 +1333,96 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
 msgid ""
 "To make configuration more easy the NSS responder will check the InfoPipe "
 "option if it is not set for the NSS responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
 msgid "Default: not set, fallback to InfoPipe option"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
+#: sssd.conf.5.xml:1017
 msgid "pwfield (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
 msgid ""
 "The value that NSS operations that return users or groups will return for "
 "the <quote>password</quote> field."
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
 msgid "This option can also be set per-domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
 msgid ""
 "Default: <quote>*</quote> (remote domains)  or <quote>x</quote> (the files "
 "domain)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
 msgid "PAM configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
 msgid ""
 "These options can be used to configure the Pluggable Authentication Module "
 "(PAM) service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
 msgid "offline_credentials_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
 msgid ""
 "If the authentication provider is offline, how long should we allow cached "
 "logins (in days since the last successful online login)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
 msgid "Default: 0 (No limit)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
 msgid "offline_failed_login_attempts (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
 msgid ""
 "If the authentication provider is offline, how many failed login attempts "
 "are allowed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
 msgid "offline_failed_login_delay (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
 msgid ""
 "The time in minutes which has to pass after offline_failed_login_attempts "
 "has been reached before a new login attempt is possible."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
 msgid ""
 "If set to 0 the user cannot authenticate offline if "
 "offline_failed_login_attempts has been reached. Only a successful online "
@@ -1408,122 +1430,122 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
 msgid "Default: 5"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
 msgid "pam_verbosity (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
 msgid ""
 "Controls what kind of messages are shown to the user during authentication. "
 "The higher the number to more messages are displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
 msgid "Currently sssd supports the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
 msgid "<emphasis>0</emphasis>: do not show any message"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
 msgid "<emphasis>1</emphasis>: show only important messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
 msgid "<emphasis>2</emphasis>: show informational messages"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
 msgid "Default: 1"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1121
 msgid "pam_response_filter (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
 msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
 "by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
 "variables which should be set by pam_sss."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
 msgid ""
 "While messages already can be controlled with the help of the pam_verbosity "
 "option this option allows to filter out other kind of responses as well."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
 msgid "ENV"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
 msgid "ENV:var_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
 msgid "ENV:var_name:service"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1137
 msgid ""
 "Currently the following filters are supported: <placeholder type="
 "\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
 msgid "pam_id_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
 msgid ""
 "For any PAM request while SSSD is online, the SSSD will attempt to "
 "immediately update the cached identity information for the user in order to "
@@ -1531,7 +1553,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
 msgid ""
 "A complete PAM conversation may perform multiple PAM requests, such as "
 "account management and session opening. This option controls (on a per-"
@@ -1540,17 +1562,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
 msgid "pam_pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
 msgid "Display a warning N days before the password expires."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -1558,26 +1580,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
 msgid ""
 "If zero is set, then this filter is not applied, i.e. if the expiration "
 "warning was received from backend server, it will automatically be displayed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
 msgid ""
 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 "emphasis> for a particular domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
 msgid "pam_trusted_users (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
+#: sssd.conf.5.xml:1230
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to run PAM conversations against trusted domains.  Users not "
@@ -1587,74 +1609,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
 msgid "Default: All users are considered trusted by default"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
 msgid ""
 "Please note that UID 0 is always allowed to access the PAM responder even in "
 "case it is not in the pam_trusted_users list."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
 msgid "pam_public_domains (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
 msgid ""
 "Specifies the comma-separated list of domain names that are accessible even "
 "to untrusted users."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
 msgid "Two special values for pam_public_domains option are defined:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
 msgid ""
 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
 msgid ""
 "none (Untrusted users are not allowed to access any domains PAM in "
 "responder.)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
 msgid "Default: none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
 msgid "pam_account_expired_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
 msgid ""
 "Allows a custom expiration message to be set, replacing the default "
 "'Permission denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
 msgid ""
 "Note: Please be aware that message is only printed for the SSH service "
 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
 #, no-wrap
 msgid ""
 "pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1662,19 +1684,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
+#: sssd.conf.5.xml:1300
 msgid "pam_account_locked_message (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
 msgid ""
 "Allows a custom lockout message to be set, replacing the default 'Permission "
 "denied' message."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
 #, no-wrap
 msgid ""
 "pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1682,12 +1704,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1319
 msgid "pam_cert_auth (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
 msgid ""
 "Enable certificate based Smartcard authentication.  Since this requires "
 "additional communication with the Smartcard which will delay the "
@@ -1695,58 +1717,58 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
 #: include/ldap_id_mapping.xml:244
 msgid "Default: False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
+#: sssd.conf.5.xml:1333
 msgid "pam_cert_db_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
 msgid ""
 "The path to the certificate database which contain the PKCS#11 modules to "
 "access the Smartcard."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
 msgid "Default: /etc/pki/nssdb (NSS version)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1345
 msgid "p11_child_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
 msgid "How many seconds will pam_sss wait for p11_child to finish."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1357
 msgid "pam_app_services (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
 msgid ""
 "Which PAM services are permitted to contact domains of type "
 "<quote>application</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
 msgid "SUDO configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
 msgid ""
 "These options can be used to configure the sudo service.  The detailed "
 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1757,34 +1779,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
 msgid "sudo_timed (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
 msgid ""
 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 "that implement time-dependent sudoers entries."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+msgid "sudo_threshold (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
 msgid "AUTOFS configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
 msgid "These options can be used to configure the autofs service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
 msgid "autofs_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
 msgid ""
 "Specifies for how many seconds should the autofs responder negative cache "
 "hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1792,68 +1829,68 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
 msgid "SSH configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
 msgid "These options can be used to configure the SSH service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
 msgid "ssh_hash_known_hosts (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
 msgid ""
 "Whether or not to hash host names and addresses in the managed known_hosts "
 "file."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
 msgid "ssh_known_hosts_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
 msgid ""
 "How many seconds to keep a host in the managed known_hosts file after its "
 "host keys were requested."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
 msgid "Default: 180"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1484
 msgid "ca_db (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
 msgid ""
 "Path to a storage of trusted CA certificates. The option is used to validate "
 "user certificates before deriving public ssh keys from them."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
+#: sssd.conf.5.xml:1492
 msgid "Default: /etc/pki/nssdb"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
 msgid "PAC responder configuration options"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
+#: sssd.conf.5.xml:1502
 msgid ""
 "The PAC responder works together with the authorization data plugin for MIT "
 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1864,7 +1901,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
+#: sssd.conf.5.xml:1511
 msgid ""
 "If the remote user does not exist in the cache, it is created. The UID is "
 "determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1875,24 +1912,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1900,12 +1937,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1914,29 +1951,148 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1551
 msgid "pac_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
 msgid ""
 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 "data can be used to determine the group memberships of a user."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+#, fuzzy
+#| msgid "General service configuration options"
+msgid "Session recording configuration options"
+msgstr "基本服务配置选项"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure session recording."
+msgstr "这些选项可被用于配置任何服务。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+msgid "scope (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: \"none\""
+msgstr "默认： 3"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+msgid "users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+msgid "Default: Empty. Matches no users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+msgid "groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
 msgid "DOMAIN SECTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
+#: sssd.conf.5.xml:1675
 msgid "domain_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
 msgid ""
 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 "as the Name Service Switch or by applications that do not need POSIX data to "
@@ -1945,14 +2101,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
 msgid ""
 "Allowed values for this option are <quote>posix</quote> and "
 "<quote>application</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
+#: sssd.conf.5.xml:1690
 msgid ""
 "POSIX domains are reachable by all services. Application domains are only "
 "reachable from the InfoPipe responder (see <citerefentry> "
@@ -1961,40 +2117,38 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
 msgid ""
 "NOTE: The application domains are currently well tested with "
 "<quote>id_provider=ldap</quote> only."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
 msgid ""
 "For an easy way to configure a non-POSIX domains, please see the "
 "<quote>Application domains</quote> section."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd.conf.5.xml:1706
 msgid "Default: posix"
-msgstr "默认： 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
 msgid "min_id,max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
 msgid ""
 "UID and GID limits for the domain. If a domain contains an entry that is "
 "outside these limits, it is ignored."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
 msgid ""
 "For users, this affects the primary GID limit. The user will not be returned "
 "to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -2003,46 +2157,46 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
 msgid ""
 "These ID limits affect even saving entries to cache, not only returning them "
 "by name or ID."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
 msgid "enumerate (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
 msgid ""
 "Determines if a domain can be enumerated. This parameter can have one of the "
 "following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
 msgid "TRUE = Users and groups are enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
 msgid "FALSE = No enumerations for this domain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
 msgid "Default: FALSE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
 msgid ""
 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 "enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2054,14 +2208,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
 msgid ""
 "While the first enumeration is running, requests for the complete user or "
 "group lists may return no results until it completes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
 msgid ""
 "Further, enabling enumeration may increase the time necessary to detect "
 "network disconnection, as longer timeouts are required to ensure that "
@@ -2070,39 +2224,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
 msgid ""
 "For the reasons cited above, enabling enumeration is not recommended, "
 "especially in large environments."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
 msgid "subdomain_enumerate (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
 msgid "all"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
 msgid "All discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
 msgid "none"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
 msgid "No discovered trusted domains will be enumerated"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
 msgid ""
 "Whether any of autodetected trusted domains should be enumerated. The "
 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2111,19 +2265,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
 msgid "entry_cache_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
 msgid ""
 "How many seconds should nss_sss consider entries valid before asking the "
 "backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
 msgid ""
 "The cache expiration timestamps are stored as attributes of individual "
 "objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2134,151 +2288,151 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
 msgid "Default: 5400"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
 msgid "entry_cache_user_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
 msgid ""
 "How many seconds should nss_sss consider user entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
 msgid "Default: entry_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
 msgid "entry_cache_group_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
 msgid ""
 "How many seconds should nss_sss consider group entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
 msgid "entry_cache_netgroup_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
 msgid ""
 "How many seconds should nss_sss consider netgroup entries valid before "
 "asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
 msgid "entry_cache_service_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
 msgid ""
 "How many seconds should nss_sss consider service entries valid before asking "
 "the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
 msgid "entry_cache_sudo_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
 msgid ""
 "How many seconds should sudo consider rules valid before asking the backend "
 "again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
 msgid "entry_cache_autofs_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
 msgid ""
 "How many seconds should the autofs service consider automounter maps valid "
 "before asking the backend again"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
 msgid "entry_cache_ssh_host_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
 msgid ""
 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 "the host key for."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
 msgid "refresh_expired_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
 msgid ""
 "Specifies how many seconds SSSD has to wait before triggering a background "
 "refresh task which will refresh all expired or nearly expired records."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
 msgid ""
 "The background refresh will process users, groups and netgroups in the cache."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
 msgid "Default: 0 (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
 msgid "cache_credentials (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
 msgid "Determines if user credentials are also cached in the local LDB cache"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
 msgid "cache_credentials_minimal_first_factor_length (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
 msgid ""
 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 "this value determines the minimal length the first authentication factor "
@@ -2286,24 +2440,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
 msgid ""
 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 "the cache which would make them easy targets for brute-force attacks."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
 msgid "Default: 8"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
 msgid "account_cache_expiration (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
 msgid ""
 "Number of days entries are left in cache after last successful login before "
 "being removed during a cleanup of the cache. 0 means keep forever.  The "
@@ -2312,17 +2466,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
 msgid "Default: 0 (unlimited)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
 msgid "pwd_expiration_warning (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
 msgid ""
 "Please note that the backend server has to provide information about the "
 "expiration time of the password.  If this information is missing, sssd "
@@ -2331,33 +2485,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
 msgid "id_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
 msgid ""
 "The identification provider used for the domain.  Supported ID providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
 msgid "<quote>proxy</quote>: Support a legacy NSS provider"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
 msgid "<quote>local</quote>: SSSD internal provider for local users"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
 msgid ""
 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2365,8 +2519,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
 msgid ""
 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2375,8 +2529,8 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
 msgid ""
 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2384,19 +2538,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
 msgid "use_fully_qualified_names (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
 msgid ""
 "Use the full name and domain (as formatted by the domain's full_name_format) "
 "as the user's login name reported to NSS."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
 msgid ""
 "If set to TRUE, all requests to this domain must use fully qualified names. "
 "For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2405,7 +2559,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
 msgid ""
 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 "include nested netgroups without qualified names. For netgroups, all domains "
@@ -2413,22 +2567,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
 msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
 msgid "ignore_group_members (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
 msgid "Do not return group members for group lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
 msgid ""
 "If set to TRUE, the group membership attribute is not requested from the "
 "ldap server, and group members are not returned when processing group lookup "
@@ -2440,7 +2594,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
 msgid ""
 "Enabling this option can also make access provider checks for group "
 "membership significantly faster, especially for groups containing many "
@@ -2448,19 +2602,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
 msgid "auth_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
 msgid ""
 "The authentication provider used for the domain.  Supported auth providers "
 "are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
 msgid ""
 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2468,7 +2622,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
 msgid ""
 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2476,30 +2630,30 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
 msgid ""
 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
 msgid "<quote>none</quote> disables authentication explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "authentication requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
 msgid "access_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
 msgid ""
 "The access control provider used for the domain.  There are two built-in "
 "access providers (in addition to any included in installed backends)  "
@@ -2507,19 +2661,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
 msgid ""
 "<quote>permit</quote> always allow access. It's the only permitted access "
 "provider for a local domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
 msgid "<quote>deny</quote> always deny access."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
 msgid ""
 "<quote>simple</quote> access control based on access or deny lists. See "
 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2528,7 +2682,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
+#: sssd.conf.5.xml:2237
 msgid ""
 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2536,29 +2690,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2244
 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
 msgid "Default: <quote>permit</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
 msgid "chpass_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
 msgid ""
 "The provider which should handle change password operations for the domain.  "
 "Supported change password providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
+#: sssd.conf.5.xml:2260
 msgid ""
 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2566,7 +2720,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
 msgid ""
 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2574,35 +2728,35 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
 msgid ""
 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
 msgid "<quote>none</quote> disallows password changes explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
 msgid ""
 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 "change password requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
 msgid "sudo_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
 msgid ""
 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2610,32 +2764,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
 msgid ""
 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
 msgid ""
 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 "settings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
 msgid "<quote>none</quote> disables SUDO explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2646,12 +2800,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
 msgid "selinux_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
 msgid ""
 "The provider which should handle loading of selinux settings. Note that this "
 "provider will be called right after access provider ends.  Supported selinux "
@@ -2659,7 +2813,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
 msgid ""
 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2667,31 +2821,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
 msgid ""
 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 "selinux loading requests."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
 msgid "subdomains_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
 msgid ""
 "The provider which should handle fetching of subdomains. This value should "
 "be always the same as id_provider.  Supported subdomain providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
 msgid ""
 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2699,7 +2853,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
 msgid ""
 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2708,23 +2862,54 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+msgid "session_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA.  Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
 msgid "autofs_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
 msgid ""
 "The autofs provider used for the domain.  Supported autofs providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
 msgid ""
 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2732,7 +2917,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
 msgid ""
 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2740,7 +2925,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
+#: sssd.conf.5.xml:2464
 msgid ""
 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2748,24 +2933,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
 msgid "<quote>none</quote> disables autofs explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
 msgid "hostid_provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
 msgid ""
 "The provider used for retrieving host identity information.  Supported "
 "hostid providers are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
 msgid ""
 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2773,12 +2958,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
 msgid "<quote>none</quote> disables hostid explicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
 msgid ""
 "Regular expression for this domain that describes how to parse the string "
 "containing user name and domain into these components.  The \"domain\" can "
@@ -2788,7 +2973,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
 msgid ""
 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2797,29 +2982,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
 msgid "username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
 msgid "username@domain.name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
 msgid "domain\\username"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
 msgid ""
 "While the first two correspond to the general default the third one is "
 "introduced to allow easy integration of users from Windows domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
 msgid ""
 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 "which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2827,7 +3012,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
 msgid ""
 "PLEASE NOTE: the support for non-unique named subpatterns is not available "
 "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2835,137 +3020,145 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
 msgid ""
 "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
 "P&lt;name&gt;) to label subpatterns."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
 msgid "Default: <quote>%1$s@%2$s</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
 msgid "lookup_family_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
 msgid ""
 "Provides the ability to select preferred address family to use when "
 "performing DNS lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
 msgid "Supported values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
 msgid "Default: ipv4_first"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
 msgid "dns_resolver_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
 msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2643
+msgid ""
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
 msgid "Default: 6"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
 msgid "dns_discovery_domain (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
 msgid ""
 "If service discovery is used in the back end, specifies the domain part of "
 "the service discovery DNS query."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
 msgid "Default: Use the domain part of machine's hostname"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
 msgid "override_gid (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
 msgid "Override the primary GID value with the one specified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
 msgid "case_sensitive (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
 msgid "True"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
 msgid "Case sensitive. This value is invalid for AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
 msgid "False"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
 msgid "Case insensitive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
 msgid "Preserving"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
 msgid ""
 "Same as False (case insensitive), but does not lowercase names in the result "
 "of NSS operations. Note that name aliases (and in case of services also "
@@ -2973,7 +3166,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
 msgid ""
 "Treat user and group names as case sensitive. At the moment, this option is "
 "not supported in the local provider. Possible option values are: "
@@ -2981,17 +3174,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
 msgid "Default: True (False for AD provider)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
 msgid "subdomain_inherit (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
 msgid ""
 "Specifies a list of configuration parameters that should be inherited by a "
 "subdomain. Please note that only selected parameters can be inherited.  "
@@ -2999,34 +3192,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
 msgid "ignore_group_members"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
 msgid "ldap_purge_cache_timeout"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
 msgid "ldap_use_tokengroups"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
 msgid "ldap_user_principal"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
 msgid ""
 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 "is not set explicitly)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
 #, no-wrap
 msgid ""
 "subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3034,32 +3227,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
+#: sssd.conf.5.xml:2754
 msgid "Note: This option only works with the IPA and AD provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
 msgid "subdomain_homedir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
 msgid "%F"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
 msgid "flat (NetBIOS) name of a subdomain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
 msgid ""
 "Use this homedir as default value for all subdomains within this domain in "
 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
@@ -3069,34 +3262,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
 msgid ""
 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
 msgid "Default: <filename>/home/%d/%u</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
 msgid "realmd_tags (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
 msgid ""
 "Various tags stored by the realmd configuration service for this domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
+#: sssd.conf.5.xml:2796
 msgid "cached_auth_timeout (int)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
 msgid ""
 "Specifies time in seconds since last successful online authentication for "
 "which user will be authenticated using cached credentials while SSSD is in "
@@ -3104,12 +3297,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
 msgid "Special value 0 implies that this feature is disabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
 msgid ""
 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3117,7 +3310,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
 msgid ""
 "These configuration options can be present in a domain configuration "
 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3125,29 +3318,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
 msgid "proxy_pam_target (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
 msgid "The proxy target PAM proxies to."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
 msgid ""
 "Default: not set by default, you have to take an existing pam configuration "
 "or create a new one and add the service name here."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
 msgid "proxy_lib_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
 msgid ""
 "The name of the NSS library to use in proxy domains. The NSS functions "
 "searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3155,12 +3348,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
 msgid "proxy_fast_alias (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
 msgid ""
 "When a user or group is looked up by name in the proxy provider, a second "
 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3169,12 +3362,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
+#: sssd.conf.5.xml:2871
 msgid "proxy_max_children (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
 msgid ""
 "This option specifies the number of pre-forked proxy children. It is useful "
 "for high-load SSSD environments where sssd may run out of available child "
@@ -3182,19 +3375,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
 msgid ""
 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 "\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
 msgid "Application domains"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
 msgid ""
 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3211,7 +3404,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
 msgid ""
 "Please note that the application domain must still be explicitly enabled in "
 "the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3219,17 +3412,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
+#: sssd.conf.5.xml:2918
 msgid "Application domain parameters"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
+#: sssd.conf.5.xml:2920
 msgid "inherit_from (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
 msgid ""
 "The SSSD POSIX-type domain the application domain inherits all settings "
 "from. The application domain can moreover add its own settings to the "
@@ -3238,18 +3431,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
 msgid ""
 "The following example illustrates the use of an application domain. In this "
 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3269,12 +3461,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
 msgid "The local domain section"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
 msgid ""
 "This section contains settings for domain that stores users and groups in "
 "SSSD native database, that is, a domain that uses "
@@ -3282,73 +3474,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
 msgid "default_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
 msgid "The default shell for users created with SSSD userspace tools."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
 msgid "Default: <filename>/bin/bash</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
 msgid "base_directory (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
 msgid ""
 "The tools append the login name to <replaceable>base_directory</replaceable> "
 "and use that as the home directory."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
 msgid "Default: <filename>/home</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
 msgid "create_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
 msgid ""
 "Indicate if a home directory should be created by default for new users.  "
 "Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
 msgid "Default: TRUE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
 msgid "remove_homedir (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
 msgid ""
 "Indicate if a home directory should be removed by default for deleted "
 "users.  Can be overridden on command line."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
 msgid "homedir_umask (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
 msgid ""
 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3356,17 +3548,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
 msgid "Default: 077"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
 msgid "skel_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
 msgid ""
 "The skeleton directory, which contains files and directories to be copied in "
 "the user's home directory, when the home directory is created by "
@@ -3375,17 +3567,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
 msgid "Default: <filename>/etc/skel</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
 msgid "mail_dir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
 msgid ""
 "The mail spool directory. This is needed to manipulate the mailbox when its "
 "corresponding user account is modified or deleted.  If not specified, a "
@@ -3393,17 +3585,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
 msgid "Default: <filename>/var/mail</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
 msgid "userdel_cmd (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
 msgid ""
 "The command that is run after a user is removed.  The command us passed the "
 "username of the user being removed as the first and only parameter. The "
@@ -3411,86 +3603,85 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
 msgid "Default: None, no command is run"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
+#: sssd.conf.5.xml:3089
 msgid "TRUSTED DOMAIN SECTION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
 msgid ""
 "Some options used in the domain section can also be used in the trusted "
 "domain section, that is, in a section called <quote>[domain/"
 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>.  Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation.  Currently supported "
+"options in the trusted domain section are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
+#: sssd.conf.5.xml:3098
 msgid "ldap_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:3099
 msgid "ldap_user_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
+#: sssd.conf.5.xml:3100
 msgid "ldap_group_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
+#: sssd.conf.5.xml:3101
 msgid "ldap_netgroup_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:3102
 msgid "ldap_service_search_base,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
 msgid "ad_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
+#: sssd.conf.5.xml:3104
 msgid "ad_backup_server,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
 msgid "ad_site,"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
+#: sssd.conf.5.xml:3106
 msgid "use_fully_qualified_names"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
 msgid ""
 "For more details about these options see their individual description in the "
 "manual page."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
 #, no-wrap
 msgid ""
 "[sssd]\n"
@@ -3520,14 +3711,33 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
 msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
 "configuration of the domains themselves - refer to documentation on "
 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 "id=\"0\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure.  Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 msgid "sssd-ldap"
@@ -3568,7 +3778,7 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
 msgid "CONFIGURATION OPTIONS"
 msgstr ""
 
@@ -3588,7 +3798,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
 msgid "The format of the URI must match the format defined in RFC 2732:"
 msgstr ""
 
@@ -3868,7 +4078,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
 msgid "Default: gidNumber"
 msgstr ""
 
@@ -3946,7 +4156,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
 msgid ""
 "Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
 "IPA"
@@ -3965,7 +4175,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
 msgid "Default: objectSid for ActiveDirectory, not set for other servers."
 msgstr ""
 
@@ -3975,14 +4185,14 @@ msgid "ldap_user_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
 msgid ""
 "The LDAP attribute that contains timestamp of the last modification of the "
 "parent object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
 msgid "Default: modifyTimestamp"
 msgstr ""
 
@@ -4377,8 +4587,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
 msgid "Default: cn"
 msgstr ""
 
@@ -4465,132 +4675,165 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
+msgid "ldap_user_authorized_rhost (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ldap.5.xml:836
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:843
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: rhost"
+msgstr "默认： 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
 msgid "Name of the LDAP attribute containing the X509 certificate of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:868
+msgid "Default: userCertificate;binary"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
+#: sssd-ldap.5.xml:874
 msgid "ldap_user_email (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
+#: sssd-ldap.5.xml:877
 msgid "Name of the LDAP attribute containing the email address of the user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ldap.5.xml:881
 msgid "Default: mail"
-msgstr "默认： 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
 msgid "ldap_group_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
 msgid "The object class of a group entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
 msgid "Default: posixGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
 msgid "ldap_group_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
 msgid "The LDAP attribute that corresponds to the group name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
 msgid "ldap_group_gid_number (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
 msgid "The LDAP attribute that corresponds to the group's id."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
 msgid "ldap_group_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
 msgid "The LDAP attribute that contains the names of the group's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
 msgid "ldap_group_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
 msgid "ldap_group_objectsid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
 msgid ""
 "The LDAP attribute that contains the objectSID of an LDAP group object. This "
 "is usually only necessary for ActiveDirectory servers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
 msgid "ldap_group_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
 msgid "ldap_group_type (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
 msgid ""
 "The LDAP attribute that contains an integer value indicating the type of the "
 "group and maybe other flags."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
 msgid ""
 "This attribute is currently only used by the AD provider to determine if a "
 "group is a domain local groups and has to be filtered out for trusted "
@@ -4598,34 +4841,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
+#: sssd-ldap.5.xml:995
 msgid "Default: groupType in the AD provider, otherwise not set"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
+#: sssd-ldap.5.xml:1002
 msgid "ldap_group_external_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
 msgid ""
 "The LDAP attribute that references group members that are defined in an "
 "external domain. At the moment, only IPA's external members are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1011
 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
 msgid "ldap_group_nesting_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
 msgid ""
 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4633,7 +4876,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
 msgid ""
 "Note: This option specifies the guaranteed level of nested groups to be "
 "processed for any lookup. However, nested groups beyond this limit "
@@ -4643,7 +4886,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
 msgid ""
 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 "at all. However, when connected to Active-Directory Server 2008 and later "
@@ -4653,17 +4896,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
 msgid "Default: 2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
 msgid "ldap_groups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which may speed up group lookup operations on deployments with "
@@ -4671,14 +4914,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
 msgid ""
 "In most common cases, it is best to leave this option disabled. It generally "
 "only provides a performance increase on very complex nestings."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
 msgid ""
 "If this option is enabled, SSSD will use it if it detects that the server "
 "supports it during initial connection. So \"True\" here essentially means "
@@ -4686,7 +4929,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
 msgid ""
 "Note: This feature is currently known to work only with Active Directory "
 "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4695,12 +4938,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
 msgid "ldap_initgroups_use_matching_rule_in_chain"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
 msgid ""
 "This option tells SSSD to take advantage of an Active Directory-specific "
 "feature which might speed up initgroups operations (most notably when "
@@ -4708,168 +4951,168 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
 msgid ""
 "This options enables or disables use of Token-Groups attribute when "
 "performing initgroup for users from Active Directory Server 2008 and later."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
 msgid "Default: True for AD and IPA otherwise False."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
 msgid "ldap_netgroup_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
 msgid "The object class of a netgroup entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
 msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
 msgid "Default: nisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
 msgid "ldap_netgroup_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
 msgid "The LDAP attribute that corresponds to the netgroup name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
 msgid "In IPA provider, ipa_netgroup_name should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
 msgid "ldap_netgroup_member (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
 msgid "The LDAP attribute that contains the names of the netgroup's members."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
 msgid "In IPA provider, ipa_netgroup_member should be used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
 msgid "Default: memberNisNetgroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
 msgid "ldap_netgroup_triple (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
 msgid ""
 "The LDAP attribute that contains the (host, user, domain) netgroup triples."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
 msgid "This option is not available in IPA provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
 msgid "Default: nisNetgroupTriple"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
 msgid "ldap_netgroup_modify_timestamp (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
 msgid "ldap_service_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
 msgid "The object class of a service entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
 msgid "Default: ipService"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
 msgid "ldap_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
 msgid ""
 "The LDAP attribute that contains the name of service attributes and their "
 "aliases."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
 msgid "ldap_service_port (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
 msgid "The LDAP attribute that contains the port managed by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
 msgid "Default: ipServicePort"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
 msgid "ldap_service_proto (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
 msgid ""
 "The LDAP attribute that contains the protocols understood by this service."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
 msgid "Default: ipServiceProtocol"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
 msgid "ldap_service_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
 msgid "ldap_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 "before they are cancelled and cached results are returned (and offline mode "
@@ -4877,7 +5120,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
 msgid ""
 "Note: this option is subject to change in future versions of the SSSD. It "
 "will likely be replaced at some point by a series of timeouts for specific "
@@ -4885,12 +5128,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
 msgid "ldap_enumeration_search_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
 msgid ""
 "Specifies the timeout (in seconds) that ldap searches for user and group "
 "enumerations are allowed to run before they are cancelled and cached results "
@@ -4898,12 +5141,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
 msgid "ldap_network_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
 msgid ""
 "Specifies the timeout (in seconds) after which the <citerefentry> "
 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4914,12 +5157,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
 msgid "ldap_opt_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
 msgid ""
 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 "will abort if no response is received. Also controls the timeout when "
@@ -4928,12 +5171,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
 msgid "ldap_connection_expire_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
 msgid ""
 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 "maintained. After this time, the connection will be re-established. If used "
@@ -4942,34 +5185,34 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
 msgid "Default: 900 (15 minutes)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
 msgid "ldap_page_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
 msgid ""
 "Specify the number of records to retrieve from LDAP in a single request. "
 "Some LDAP servers enforce a maximum limit per-request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
 msgid "Default: 1000"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
 msgid "ldap_disable_paging (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
 msgid ""
 "Disable the LDAP paging control. This option should be used if the LDAP "
 "server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4977,14 +5220,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
 msgid ""
 "Example: OpenLDAP servers with the paging control module installed on the "
 "server but not enabled will report it in the RootDSE but be unable to use it."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
 msgid ""
 "Example: 389 DS has a bug where it can only support a one paging control at "
 "a time on a single connection. On busy clients, this can result in some "
@@ -4992,17 +5235,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
 msgid "ldap_disable_range_retrieval (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
 msgid "Disable Active Directory range retrieval."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
 msgid ""
 "Active Directory limits the number of members to be retrieved in a single "
 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5012,12 +5255,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
 msgid "ldap_sasl_minssf (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
 msgid ""
 "When communicating with an LDAP server using SASL, specify the minimum "
 "security level necessary to establish the connection. The values of this "
@@ -5025,17 +5268,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
 msgid "Default: Use the system default (usually specified by ldap.conf)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
 msgid "ldap_deref_threshold (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
 msgid ""
 "Specify the number of group members that must be missing from the internal "
 "cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5043,13 +5286,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
 msgid ""
 "You can turn off dereference lookups completely by setting the value to 0."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
 msgid ""
 "A dereference lookup is a means of fetching all group members in a single "
 "LDAP call.  Different LDAP servers may implement different dereference "
@@ -5058,7 +5301,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
 msgid ""
 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 "filter, then the dereference lookup performance enhancement will be disabled "
@@ -5066,26 +5309,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
 msgid "ldap_tls_reqcert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
 msgid ""
 "Specifies what checks to perform on server certificates in a TLS session, if "
 "any. It can be specified as one of the following values:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
 msgid ""
 "<emphasis>never</emphasis> = The client will not request or check any server "
 "certificate."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
 msgid ""
 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5093,7 +5336,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
 msgid ""
 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 "certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5101,7 +5344,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
 msgid ""
 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 "certificate is provided, or a bad certificate is provided, the session is "
@@ -5109,41 +5352,41 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
 msgid "Default: hard"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
 msgid "ldap_tls_cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
 msgid ""
 "Specifies the file that contains certificates for all of the Certificate "
 "Authorities that <command>sssd</command> will recognize."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
 msgid ""
 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 "conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
 msgid "ldap_tls_cacertdir (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
 msgid ""
 "Specifies the path of a directory that contains Certificate Authority "
 "certificates in separate individual files. Typically the file names need to "
@@ -5152,32 +5395,32 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
 msgid "ldap_tls_cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
 msgid "Specifies the file that contains the certificate for the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
 msgid "ldap_tls_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
 msgid "Specifies the file that contains the client's key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
 msgid "ldap_tls_cipher_suite (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
 msgid ""
 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5185,24 +5428,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
 msgid "ldap_id_use_start_tls (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
 msgid ""
 "Specifies that the id_provider connection must also use <systemitem class="
 "\"protocol\">tls</systemitem> to protect the channel."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
 msgid "ldap_id_mapping (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
 msgid ""
 "Specifies that SSSD should attempt to map user and group IDs from the "
 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5210,17 +5453,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1621
 msgid "ldap_min_id, ldap_max_id (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
 msgid ""
 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 "set to true the allowed ID range for ldap_user_uid_number and "
@@ -5231,29 +5474,29 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
 msgid "Default: not set (both options are set to 0)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
 msgid "ldap_sasl_mech (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
 msgid ""
 "Specify the SASL mechanism to use.  Currently only GSSAPI is tested and "
 "supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
 msgid "ldap_sasl_authid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
 msgid ""
 "Specify the SASL authorization id to use.  When GSSAPI is used, this "
 "represents the Kerberos principal used for authentication to the directory.  "
@@ -5262,17 +5505,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
 msgid "Default: host/hostname@REALM"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
 msgid "ldap_sasl_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
 msgid ""
 "Specify the SASL realm to use. When not specified, this option defaults to "
 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
@@ -5280,49 +5523,49 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
 msgid "Default: the value of krb5_realm."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
 msgid "ldap_sasl_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
 msgid ""
 "If set to true, the LDAP library would perform a reverse lookup to "
 "canonicalize the host name during a SASL bind."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
 msgid "Default: false;"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
 msgid "ldap_krb5_keytab (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
 msgid "Specify the keytab to use when using SASL/GSSAPI."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
 msgid "ldap_krb5_init_creds (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
 msgid ""
 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 "action is performed only if SASL is used and the mechanism selected is "
@@ -5330,27 +5573,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
 msgid "ldap_krb5_ticket_lifetime (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
 msgid "Default: 86400 (24 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
 msgid "krb5_server, krb5_backup_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
 msgid ""
 "Specifies the comma-separated list of IP addresses or hostnames of the "
 "Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5362,7 +5605,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
 msgid ""
 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5370,7 +5613,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
 msgid ""
 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 "While the legacy name is recognized for the time being, users are advised to "
@@ -5378,39 +5621,39 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
 msgid "krb5_realm (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
 msgid "krb5_canonicalize (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
 msgid ""
 "Specifies if the host principal should be canonicalized when connecting to "
 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
 msgid "krb5_use_kdcinfo (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
 msgid ""
 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 "which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5420,7 +5663,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
 msgid ""
 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5428,26 +5671,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
 msgid "ldap_pwd_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
 msgid ""
 "Select the policy to evaluate the password expiration on the client side. "
 "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
 msgid ""
 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 "cannot disable server-side password policies."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
 msgid ""
 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5455,7 +5698,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
 msgid ""
 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 "to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5463,31 +5706,31 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
 msgid ""
 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 "side, it always takes precedence over policy set with this option."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
 msgid "ldap_referrals (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
 msgid "Specifies whether automatic referral chasing should be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
 msgid ""
 "Please note that sssd only supports referral chasing when it is compiled "
 "with OpenLDAP version 2.4.13 or higher."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
 msgid ""
 "Chasing referrals may incur a performance penalty in environments that use "
 "them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5496,56 +5739,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
 msgid "ldap_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
 msgid "Specifies the service name to use when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
 msgid "Default: ldap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
 msgid "ldap_chpass_dns_service_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
 msgid ""
 "Specifies the service name to use to find an LDAP server which allows "
 "password changes when service discovery is enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
 msgid "Default: not set, i.e. service discovery is disabled"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
 msgid "ldap_chpass_update_last_change (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
 msgid ""
 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 "days since the Epoch after a password change operation."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
 msgid "ldap_access_filter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
 msgid ""
 "If using access_provider = ldap and ldap_access_order = filter (default), "
 "this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5561,12 +5804,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
 msgid "Example:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
 #, no-wrap
 msgid ""
 "access_provider = ldap\n"
@@ -5575,14 +5818,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
 msgid ""
 "This example means that access to this host is restricted to users whose "
 "employeeType attribute is set to \"admin\"."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1964
 msgid ""
 "Offline caching for this feature is limited to determining whether the "
 "user's last online login was granted access permission. If they were granted "
@@ -5591,24 +5834,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
 msgid "Default: Empty"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
 msgid "ldap_account_expire_policy (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
 msgid ""
 "With this option a client side evaluation of access control attributes can "
 "be enabled."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
 msgid ""
 "Please note that it is always recommended to use server side access control, "
 "i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5616,19 +5859,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
 msgid "The following values are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
 msgid ""
 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 "determine if the account is expired."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
 msgid ""
 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 "ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5637,7 +5880,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
 msgid ""
 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5645,7 +5888,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
 msgid ""
 "<emphasis>nds</emphasis>: the values of "
 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5654,7 +5897,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
 msgid ""
 "Please note that the ldap_access_order configuration option <emphasis>must</"
 "emphasis> include <quote>expire</quote> in order for the "
@@ -5662,22 +5905,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
 msgid "ldap_access_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
 msgid "Comma separated list of access control options.  Allowed values are:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
 msgid ""
 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5687,14 +5930,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
 msgid ""
 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 "quote> option and might be removed in a future release.  </emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
 msgid ""
 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5707,12 +5950,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
 msgid ""
 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5722,7 +5965,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
 msgid ""
 "The difference between these options is the action taken if user password is "
 "expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5732,49 +5975,63 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
 msgid ""
 "Note If user password is expired no explicit message is prompted by SSSD."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
 msgid ""
 "Please note that 'access_provider = ldap' must be set for this feature to "
 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
 msgid ""
 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 "to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
 msgid "Default: filter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
 msgid ""
 "Please note that it is a configuration error if a value is used more than "
 "once."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
 msgid "ldap_pwdlockout_dn (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
 msgid ""
 "This option specifies the DN of password policy entry on LDAP server. Please "
 "note that absence of this option in sssd.conf in case of enabled account "
@@ -5783,74 +6040,74 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
 msgid "ldap_deref (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
 msgid ""
 "Specifies how alias dereferencing is done when performing a search. The "
 "following options are allowed:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
 msgid ""
 "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
 "the base object, but not in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
 msgid ""
 "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
 "the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
 msgid ""
 "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
 "in locating the base object of the search."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
 msgid ""
 "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
 "client libraries)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
 msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
 msgid ""
 "Allows to retain local users as members of an LDAP group for servers that "
 "use the RFC2307 schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
 msgid ""
 "In some environments where the RFC2307 schema is used, local users are made "
 "members of LDAP groups by adding their names to the memberUid attribute.  "
@@ -5861,7 +6118,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
 msgid ""
 "This option falls back to checking if local users are referenced, and caches "
 "them so that later initgroups() calls will augment the local users with the "
@@ -5869,24 +6126,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
-msgid "wildcart_limit (integer)"
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
+msgid "wildcard_limit (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
 msgid ""
 "Specifies an upper limit on the number of entries that are downloaded during "
 "a wildcard lookup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
 msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
 msgid "Default: 1000 (often the size of one page)"
 msgstr ""
 
@@ -5901,12 +6158,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
 msgid "SUDO OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
 msgid ""
 "The detailed instructions for configuration of sudo_provider are in the "
 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5914,208 +6171,208 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
 msgid "ldap_sudorule_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
 msgid "The object class of a sudo rule entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
 msgid "Default: sudoRole"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
 msgid "ldap_sudorule_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
 msgid "The LDAP attribute that corresponds to the sudo rule name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
 msgid "ldap_sudorule_command (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
 msgid "The LDAP attribute that corresponds to the command name."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
 msgid "Default: sudoCommand"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
 msgid "ldap_sudorule_host (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
 msgid ""
 "The LDAP attribute that corresponds to the host name (or host IP address, "
 "host IP network, or host netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
 msgid "Default: sudoHost"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
 msgid "ldap_sudorule_user (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
 msgid ""
 "The LDAP attribute that corresponds to the user name (or UID, group name or "
 "user's netgroup)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
 msgid "Default: sudoUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
 msgid "ldap_sudorule_option (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
 msgid "The LDAP attribute that corresponds to the sudo options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
 msgid "Default: sudoOption"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
 msgid "ldap_sudorule_runasuser (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
 msgid ""
 "The LDAP attribute that corresponds to the user name that commands may be "
 "run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
 msgid "Default: sudoRunAsUser"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
 msgid "ldap_sudorule_runasgroup (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
 msgid ""
 "The LDAP attribute that corresponds to the group name or group GID that "
 "commands may be run as."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
 msgid "Default: sudoRunAsGroup"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
 msgid "ldap_sudorule_notbefore (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
 msgid ""
 "The LDAP attribute that corresponds to the start date/time for when the sudo "
 "rule is valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
 msgid "Default: sudoNotBefore"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
 msgid "ldap_sudorule_notafter (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
 msgid ""
 "The LDAP attribute that corresponds to the expiration date/time, after which "
 "the sudo rule will no longer be valid."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
 msgid "Default: sudoNotAfter"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
 msgid "ldap_sudorule_order (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
 msgid "The LDAP attribute that corresponds to the ordering index of the rule."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
 msgid "Default: sudoOrder"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
 msgid "ldap_sudo_full_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
 msgid ""
 "How many seconds SSSD will wait between executing a full refresh of sudo "
 "rules (which downloads all rules that are stored on the server)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
 msgid ""
 "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
 "emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
 msgid "Default: 21600 (6 hours)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
 msgid "ldap_sudo_smart_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
 msgid ""
 "How many seconds SSSD has to wait before executing a smart refresh of sudo "
 "rules (which downloads all rules that have USN higher than the highest USN "
@@ -6123,101 +6380,101 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
 msgid ""
 "If USN attributes are not supported by the server, the modifyTimestamp "
 "attribute is used instead."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
 msgid "ldap_sudo_use_host_filter (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
 msgid ""
 "If true, SSSD will download only rules that are applicable to this machine "
 "(using the IPv4 or IPv6 host/network addresses and hostnames)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
 msgid "ldap_sudo_hostnames (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
 msgid ""
 "Space separated list of hostnames or fully qualified domain names that "
 "should be used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
 msgid ""
 "If this option is empty, SSSD will try to discover the hostname and the "
 "fully qualified domain name automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
 msgid ""
 "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
 "emphasis> then this option has no effect."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
 msgid "Default: not specified"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
 msgid "ldap_sudo_ip (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
 msgid ""
 "Space separated list of IPv4 or IPv6 host/network addresses that should be "
 "used to filter the rules."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
 msgid ""
 "If this option is empty, SSSD will try to discover the addresses "
 "automatically."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
 msgid "ldap_sudo_include_netgroups (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
 msgid ""
 "If true then SSSD will download every rule that contains a netgroup in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
 msgid "ldap_sudo_include_regexp (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
 msgid ""
 "If true then SSSD will download every rule that contains a wildcard in "
 "sudoHost attribute."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
 msgid ""
 "This manual page only describes attribute name mapping.  For detailed "
 "explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6226,111 +6483,111 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
 msgid "AUTOFS OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
 msgid ""
 "Some of the defaults for the parameters below are dependent on the LDAP "
 "schema."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
 msgid "ldap_autofs_map_master_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
 msgid "The name of the automount master map in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
 msgid "Default: auto.master"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
 msgid "ldap_autofs_map_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
 msgid "The object class of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
 msgid "ldap_autofs_map_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
 msgid "The name of an automount map entry in LDAP."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
 msgid ""
 "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
 msgid "ldap_autofs_entry_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
+#: sssd-ldap.5.xml:2599
 msgid ""
 "The object class of an automount entry in LDAP. The entry usually "
 "corresponds to a mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
 msgid "ldap_autofs_entry_key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
 msgid ""
 "The key of an automount entry in LDAP. The entry usually corresponds to a "
 "mount point."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
 msgid "ldap_autofs_entry_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
 msgid ""
 "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
 "automountInformation"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
 msgid ""
 "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
 "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6339,56 +6596,56 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
 msgid "ADVANCED OPTIONS"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
 msgid "ldap_netgroup_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
 msgid "ldap_user_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
 msgid "ldap_group_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
 msgid "<note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
 msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
 "against Active Directory will not be restricted and return all groups "
 "memberships, even with no GID mapping. It is recommended to disable this "
 "feature, if group names are not being displayed correctly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
 msgid "</note>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
 msgid "ldap_sudo_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
 msgid "ldap_autofs_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
 msgid ""
 "These options are supported by LDAP domains, but they should be used with "
 "caution. Please include them in your configuration only if you know what you "
@@ -6396,8 +6653,15 @@ msgid ""
 "\"variablelist\" id=\"1\"/>"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
 msgid ""
 "The following example assumes that SSSD is correctly configured and LDAP is "
 "set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6405,7 +6669,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6418,26 +6682,27 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
 msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
 msgid "LDAP ACCESS FILTER EXAMPLE"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
 msgid ""
 "The following example assumes that SSSD is correctly configured and to use "
 "the ldap_access_order=lockout."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
 #, no-wrap
 msgid ""
 "[domain/LDAP]\n"
@@ -6453,13 +6718,13 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
 msgid "NOTES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
 msgid ""
 "The descriptions of some of the configuration options in this manual page "
 "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6960,9 +7225,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 #: sss-certmap.5.xml:45
 msgid ""
-"The rules are process by priority while the number '0' (zero)  indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero)  indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -7046,7 +7311,7 @@ msgstr ""
 #: sss-certmap.5.xml:112
 msgid ""
 "This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -7423,7 +7688,7 @@ msgid ""
 "exception is the proxy provider which is not of relevance here). Because of "
 "this the mapping rule is based on LDAP search filter syntax with templates "
 "to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
 "caller will embed it in another filter to do the actual search. Because of "
 "this the filter string should start and stop with '(' and ')' respectively."
 msgstr ""
@@ -7443,8 +7708,8 @@ msgid ""
 "This should be preferred to read user specific data from the certificate "
 "like e.g. an email address and search for it in the LDAP server. The reason "
 "is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7538,7 +7803,7 @@ msgstr ""
 msgid ""
 "This template will add the Kerberos principal which is taken either from the "
 "SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7556,8 +7821,8 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:459
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
 "principal before the '@' sign."
 msgstr ""
 
@@ -7576,9 +7841,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 #: sss-certmap.5.xml:473
 msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7591,7 +7856,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the rfc822Name "
 "component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7611,7 +7876,7 @@ msgstr ""
 msgid ""
 "This template will add the string which is stored in the dNSName component "
 "of the SAN, typically a fully-qualified host name.  The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7727,7 +7992,7 @@ msgstr ""
 #: sss-certmap.5.xml:367
 msgid ""
 "The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
 "with an optional sub-component specifier separated by a '.' or an optional "
 "conversion/formatting option separated by a '!'.  Allowed values are: "
 "<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -7847,16 +8112,17 @@ msgstr ""
 #: sssd-ipa.5.xml:113
 msgid ""
 "Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host.  The "
+"hostname must be fully qualified."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
 msgid "dyndns_update (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:125
 msgid ""
 "Optional. This option tells SSSD to automatically update the DNS server "
 "built into FreeIPA with the IP address of this client. The update is secured "
@@ -7866,14 +8132,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
 msgid ""
 "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
 "the default Kerberos realm must be set properly in /etc/krb5.conf"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -7881,12 +8147,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
 msgid "dyndns_ttl (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
 msgid ""
 "The TTL to apply to the client DNS record when updating it.  If "
 "dyndns_update is false this has no effect. This will override the TTL "
@@ -7894,7 +8160,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -7902,17 +8168,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
 msgid "Default: 1200 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
 msgid "dyndns_iface (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
 msgid ""
 "Optional. Applicable only when dyndns_update is true. Choose the interface "
 "or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -7921,7 +8187,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
 msgid ""
 "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
 "emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -7929,24 +8195,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
+#: sssd-ipa.5.xml:187
 msgid ""
 "Default: Use the IP addresses of the interface which is used for IPA LDAP "
 "connection"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
 msgid "Example: dyndns_iface = em1, vnet1, vnet2"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
 msgid "dyndns_auth (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
 msgid ""
 "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
 "updates with the DNS server, insecure updates can be sent by setting this "
@@ -7954,24 +8220,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
 msgid "Default: GSS-TSIG"
-msgstr "默认： 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
 msgid "ipa_enable_dns_sites (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
 msgid "Enables DNS sites - location based service discovery."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
 msgid ""
 "If true and service discovery (see Service Discovery paragraph at the bottom "
 "of the man page)  is enabled, then the SSSD will first attempt location "
@@ -7983,12 +8247,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
 msgid "dyndns_refresh_interval (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
 msgid ""
 "How often should the back end perform periodic DNS update in addition to the "
 "automatic update performed when the back end goes online.  This option is "
@@ -7996,234 +8260,276 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
 msgid "dyndns_update_ptr (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
 msgid ""
 "Whether the PTR record should also be explicitly updated when updating the "
 "client's DNS records.  Applicable only when dyndns_update is true."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
 msgid ""
 "This option should be False in most IPA deployments as the IPA server "
 "generates the PTR records automatically when forward records are changed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
 msgid "Default: False (disabled)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
 msgid "dyndns_force_tcp (bool)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
 msgid ""
 "Whether the nsupdate utility should default to using TCP for communicating "
 "with the DNS server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
 msgid "Default: False (let nsupdate choose the protocol)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
 msgid "dyndns_server (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
 msgid ""
 "The DNS server to use when performing a DNS update. In most setups, it's "
 "recommended to leave this option unset."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
 msgid ""
 "Setting this option makes sense for environments where the DNS server is "
 "different from the identity server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
 msgid ""
 "Please note that this option will be only used in fallback attempt when "
 "previous attempt using autodetected settings failed."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
 msgid "Default: None (let nsupdate choose the server)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
+#: sssd-ipa.5.xml:311
+msgid "ipa_deskprofile_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
 msgid "Default: Use base DN"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
 msgid "ipa_host_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
 msgid "Optional. Use the given string as search base for host objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
 msgid ""
 "See <quote>ldap_search_base</quote> for information about configuring "
 "multiple search bases."
 msgstr ""
 
 #. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
 msgid "ipa_selinux_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
 msgid "Optional. Use the given string as search base for SELinux user maps."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
 msgid "ipa_subdomains_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
 msgid "Optional. Use the given string as search base for trusted domains."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
 msgid "ipa_master_domain_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
 msgid "Optional. Use the given string as search base for master domain object."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
 msgid "ipa_views_search_base (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
 msgid "Optional. Use the given string as search base for views containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
 msgid ""
 "The name of the Kerberos realm. This is optional and defaults to the value "
 "of <quote>ipa_domain</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
 msgid ""
 "The name of the Kerberos realm has a special meaning in IPA - it is "
 "converted into the base DN to use for performing LDAP operations."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
 msgid "krb5_confd_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
 msgid ""
 "Absolute path of a directory where SSSD should place Kerberos configuration "
 "snippets."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
 msgid ""
 "To disable the creation of the configuration snippets set the parameter to "
 "'none'."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
 msgid ""
 "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:465
+msgid "ipa_deskprofile_refresh (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:468
 msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
 msgid "Default: 5 (seconds)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:481
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+msgid "Default: 60 (minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:498
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:511
 msgid "ipa_hbac_selinux (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
 msgid ""
 "The amount of time between lookups of the SELinux maps against the IPA "
 "server. This will reduce the latency and load on the IPA server if there are "
@@ -8231,192 +8537,192 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
 msgid "ipa_server_mode (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
 msgid ""
 "This option will be set by the IPA installer (ipa-server-install) "
 "automatically and denotes if SSSD is running on an IPA server or not."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
 msgid ""
 "On an IPA server SSSD will lookup users and groups from trusted domains "
 "directly while on a client it will ask an IPA server."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
 msgid "ipa_automount_location (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
 msgid "The automounter location this IPA client will be using"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
 msgid "Default: The location named \"default\""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
 msgid "VIEWS AND OVERRIDES"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
 msgid "ipa_view_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
 msgid "Objectclass of the view container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
 msgid "Default: nsContainer"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
 msgid "ipa_view_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
 msgid "Name of the attribute holding the name of the view."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
+#: sssd-ipa.5.xml:594
 msgid "ipa_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
 msgid "Objectclass of the override objects."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
 msgid "Default: ipaOverrideAnchor"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
 msgid "ipa_anchor_uuid (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
 msgid ""
 "Name of the attribute containing the reference to the original object in a "
 "remote domain."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
 msgid "Default: ipaAnchorUUID"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
 msgid "ipa_user_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
 msgid ""
 "Name of the objectclass for user overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
 msgid "User overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
 msgid "ldap_user_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
 msgid "ldap_user_uid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
 msgid "ldap_user_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
 msgid "ldap_user_gecos"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
 msgid "ldap_user_home_directory"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
 msgid "ldap_user_shell"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
 msgid "ldap_user_ssh_public_key"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
 msgid "Default: ipaUserOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
 msgid "ipa_group_override_object_class (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
 msgid ""
 "Name of the objectclass for group overrides. It is used to determine if the "
 "found override object is related to a user or a group."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
 msgid "Group overrides can contain attributes given by"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
 msgid "ldap_group_name"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
 msgid "ldap_group_gid_number"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
 msgid "Default: ipaGroupOverride"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
 msgid ""
 "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
 "later version. Since all paths and objectclasses are fixed on the server "
@@ -8426,19 +8732,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
 msgid "SUBDOMAINS PROVIDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
 msgid ""
 "The IPA subdomains provider behaves slightly differently if it is configured "
 "explicitly or implicitly."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
 msgid ""
 "If the option 'subdomains_provider = ipa' is found in the domain section of "
 "sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -8446,7 +8752,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
 msgid ""
 "If the option 'subdomains_provider' is not set in the domain section of sssd."
 "conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -8458,7 +8764,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
 msgid ""
 "The following example assumes that SSSD is correctly configured and example."
 "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8466,7 +8772,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
 #, no-wrap
 msgid ""
 "[domain/example.com]\n"
@@ -9342,10 +9648,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 #: sssd-ad.5.xml:819
-#, fuzzy
-#| msgid "Default: 3"
 msgid "Default: 30 days"
-msgstr "默认： 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 #: sssd-ad.5.xml:825
@@ -9356,10 +9660,10 @@ msgstr ""
 #: sssd-ad.5.xml:828
 msgid ""
 "This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
 "defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -9463,8 +9767,8 @@ msgid ""
 "are included in the default Active Directory schema."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
 msgid "sssd-sudo"
 msgstr ""
 
@@ -9787,12 +10091,12 @@ msgid "Run in the foreground, don't become a daemon."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
 msgid "<option>-c</option>,<option>--config</option>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
 msgid ""
 "Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
 "conf</filename>. For reference on the config file syntax and options, "
@@ -10218,10 +10522,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "COMMON OPTIONS"
-msgstr "选项"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_override.8.xml:263 sssctl.8.xml:52
@@ -10230,14 +10532,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_override.8.xml:268 sssctl.8.xml:57
-#, fuzzy
-#| msgid ""
-#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-#| "replaceable>"
 msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
 msgstr ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
 #: sss_useradd.8.xml:10 sss_useradd.8.xml:15
@@ -11429,16 +11725,10 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:186
-#, fuzzy
-#| msgid ""
-#| "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-#| "replaceable>"
 msgid ""
 "<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
 "replaceable>"
 msgstr ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:191
@@ -11447,14 +11737,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: sss_cache.8.xml:197
-#, fuzzy
-#| msgid ""
-#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-#| "replaceable>"
 msgid "<option>-R</option>,<option>--sudo-rules</option>"
 msgstr ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: sss_cache.8.xml:201
@@ -11482,7 +11766,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -11496,14 +11780,9 @@ msgstr ""
 #. type: Content of: <reference><refentry><refsect1><para>
 #: sss_debuglevel.8.xml:32
 msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
@@ -11900,7 +12179,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
 msgid "SEE ALSO"
 msgstr "另见"
 
@@ -12073,7 +12352,7 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 #: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
@@ -12085,10 +12364,8 @@ msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
 #: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "OPTIONS"
 msgid "IDMAP OPTIONS"
-msgstr "选项"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 #: idmap_sss.8.xml:33
@@ -12102,11 +12379,6 @@ msgid ""
 "authoritative."
 msgstr ""
 
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-msgid "EXAMPLES"
-msgstr ""
-
 #. type: Content of: <reference><refentry><refsect1><para>
 #: idmap_sss.8.xml:45
 msgid ""
@@ -12272,20 +12544,53 @@ msgid ""
 "nested."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
 msgid "USING THE SECRETS RESPONDER"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
 msgid ""
 "The UNIX socket the SSSD responder listens on is located at <filename>/var/"
 "run/secrets.socket</filename>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
 #, no-wrap
 msgid ""
 "systemctl start sssd-secrets.socket\n"
@@ -12295,7 +12600,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
 msgid ""
 "The secrets responder is socket-activated by <citerefentry> "
 "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -12310,7 +12615,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
+#: sssd-secrets.5.xml:122
 msgid ""
 "The generic SSSD responder options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the secrets responder.  Please refer "
@@ -12319,18 +12624,27 @@ msgid ""
 "there are some secrets-specific options as well."
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
+#: sssd-secrets.5.xml:141
 msgid "provider (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
 msgid "local"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
 msgid ""
 "The secrets are stored in a local database, encrypted at rest with a master "
 "key. The local provider does not have any additional config options at the "
@@ -12338,149 +12652,190 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
 msgid "proxy"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
 msgid ""
 "The secrets responder forwards the requests to a Custodia server. The proxy "
 "provider supports several additional options (see below)."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
 msgid ""
 "This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used.  "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-secrets.5.xml:180
 msgid "Default: local"
-msgstr "默认： 3"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
+#: sssd-secrets.5.xml:192
 msgid "containers_nest_level (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
 msgid "This option specifies the maximum allowed number of nested containers."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-secrets.5.xml:199
 msgid "Default: 4"
-msgstr "默认： 3"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
+#: sssd-secrets.5.xml:204
 msgid "max_secrets (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-#, fuzzy
-#| msgid "Default: 3"
-msgid "Default: 1024"
-msgstr "默认： 3"
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:216
+msgid "max_uid_secrets (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:228
 msgid "max_payload_size (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
 msgid ""
 "This option specifies the maximum payload size allowed for a secret payload "
 "in kilobytes."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-#, fuzzy
-#| msgid "Default: 3"
-msgid "Default: 16"
-msgstr "默认： 3"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+"            "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:252
 msgid ""
 "The following options are only applicable for configurations that use the "
 "<quote>proxy</quote> provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
+#: sssd-secrets.5.xml:257
 msgid "proxy_url (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
 msgid ""
 "The URL the Custodia server is listening on. At the moment, http and https "
 "protocols are supported."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
+#: sssd-secrets.5.xml:267
 msgid "http[s]://&lt;host&gt;[:port]"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
 msgid "Example: http://localhost:8080"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
+#: sssd-secrets.5.xml:275
 msgid "auth_type (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
 msgid ""
 "The method to use when authenticating to a Custodia server. The following "
 "authentication methods are supported:"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
 msgid "basic_auth"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
 msgid ""
 "Authenticate with a username and a password as set in the <quote>username</"
 "quote> and <quote>password</quote> options."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
 msgid "header"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
 msgid ""
 "Authenticate with HTTP header value as defined in the "
 "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -12488,12 +12843,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
+#: sssd-secrets.5.xml:307
 msgid "auth_header_name (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
 msgid ""
 "If set, the secrets responder would put a header with this name into the "
 "HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -12501,81 +12856,81 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
 msgid "Example: MYSECRETNAME"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
+#: sssd-secrets.5.xml:320
 msgid "auth_header_value (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
 msgid ""
 "The value sssd-secrets would use for the <quote>auth_header_name</quote>."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
+#: sssd-secrets.5.xml:327
 msgid "Example: mysecret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
+#: sssd-secrets.5.xml:332
 msgid "forward_headers (list of strings)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
 msgid ""
 "The list of HTTP headers to forward to the Custodia server together with the "
 "request."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
+#: sssd-secrets.5.xml:344
 msgid "verify_peer (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
 msgid ""
 "Whether peer's certificate should be verified and valid if HTTPS protocol is "
 "used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
+#: sssd-secrets.5.xml:356
 msgid "verify_host (boolean)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
 msgid ""
 "Whether peer's hostname must match with hostname in its certificate if HTTPS "
 "protocol is used with the proxy provider."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
+#: sssd-secrets.5.xml:369
 msgid "capath (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
 msgid ""
 "Path to directory containing stored certificate authority certificates. "
 "System default path is used if this option is not set."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
+#: sssd-secrets.5.xml:382
 msgid "cacert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
 msgid ""
 "Path to file containing server's certificate authority certificate. If this "
 "option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -12583,12 +12938,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
+#: sssd-secrets.5.xml:395
 msgid "cert (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
 msgid ""
 "Path to file containing client's certificate if required by the server. This "
 "file may also contain private key or the private key may be in separate file "
@@ -12596,22 +12951,22 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
+#: sssd-secrets.5.xml:409
 msgid "key (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
+#: sssd-secrets.5.xml:412
 msgid "Path to file containing client's private key."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
 msgid "USING THE REST API"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
 msgid ""
 "This section lists the available commands and includes examples using the "
 "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -12626,19 +12981,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
 msgid "Listing secrets"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
 msgid ""
 "To list the available secrets, send a HTTP GET request with a trailing slash "
 "appended to the container path."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12648,19 +13003,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
 msgid "Retrieving a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
 msgid ""
 "To read a value of a single secret, send a HTTP GET request without a "
 "trailing slash. The last portion of the URI is the name of the secret."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12670,7 +13025,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12680,19 +13035,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
+#: sssd-secrets.5.xml:466
 msgid ""
 "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
 "\"programlisting\" id=\"1\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
 msgid "Setting a secret"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
 msgid ""
 "To set a secret using the <quote>application/json</quote> type, send a HTTP "
 "PUT request with a JSON payload that includes type and value. The type "
@@ -12701,14 +13056,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
 msgid ""
 "The <quote>application/json</quote> type just sends the secret as the "
 "message payload."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12719,7 +13074,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12730,7 +13085,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
 msgid ""
 "The following example sets a secret named 'foo' to a value of 'foosecret' "
 "and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -12739,12 +13094,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
 msgid "Creating a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
 msgid ""
 "Containers provide an additional namespace for this user's secrets. To "
 "create a container, send a HTTP POST request, whose URI ends with the "
@@ -12752,7 +13107,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12762,14 +13117,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
+#: sssd-secrets.5.xml:526
 msgid ""
 "The following example creates a container named 'mycontainer': <placeholder "
 "type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
 #, no-wrap
 msgid ""
 "http://localhost/secrets/mycontainer/mysecret\n"
@@ -12777,26 +13132,26 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
 msgid ""
 "To manipulate secrets under this container, just nest the secrets underneath "
 "the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
+#: sssd-secrets.5.xml:544
 msgid "Deleting a secret or a container"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
 msgid ""
 "To delete a secret or a container, send a HTTP DELETE request with a path to "
 "the secret or the container."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
 #, no-wrap
 msgid ""
 "curl -H \"Content-Type: application/json\" \\\n"
@@ -12806,19 +13161,19 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
+#: sssd-secrets.5.xml:551
 msgid ""
 "The following example deletes a secret named 'foo'.  <placeholder type="
 "\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
 msgid ""
 "For testing the proxy provider, you need to set up a Custodia server to "
 "proxy requests to. Please always consult the Custodia documentation, the "
@@ -12826,7 +13181,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
 #, no-wrap
 msgid ""
 "[global]\n"
@@ -12856,7 +13211,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
 msgid ""
 "This configuration will set up a Custodia server listening on http://"
 "localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -12866,14 +13221,14 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
 msgid ""
 "Then run the <replaceable>custodia</replaceable> command, pointing it at the "
 "config file as a command line argument."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
 msgid ""
 "Please note that currently it's not possible to proxy all requests globally "
 "to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -12884,7 +13239,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
 #, no-wrap
 msgid ""
 "[secrets]\n"
@@ -12899,6 +13254,73 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+msgid "Configuring session recording with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals.  For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g.  when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure the session recording."
+msgstr "这些选项可被用于配置任何服务。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
 #: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
 msgid "sssd-kcm"
 msgstr ""
@@ -13015,7 +13437,6 @@ msgstr ""
 msgid ""
 "systemctl start sssd-kcm.socket\n"
 "systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
 "            "
 msgstr ""
 
@@ -13032,12 +13453,21 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
 msgid "THE CREDENTIAL CACHE STORAGE"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"            "
+msgstr ""
+
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
 msgid ""
 "The credential caches are stored in the SSSD secrets service (see "
 "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -13048,7 +13478,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
+#: sssd-kcm.8.xml:141
 msgid ""
 "The KCM service is configured in the <quote>kcm</quote> section of the sssd."
 "conf file. Please note that currently, is it not sufficient to restart the "
@@ -13061,7 +13491,7 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
+#: sssd-kcm.8.xml:155
 msgid ""
 "The generic SSSD service options such as <quote>debug_level</quote> or "
 "<quote>fd_limit</quote> are accepted by the kcm service.  Please refer to "
@@ -13071,28 +13501,408 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
+#: sssd-kcm.8.xml:166
 msgid "socket_path (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
 msgid "The socket the KCM service will listen on."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
+#: sssd-kcm.8.xml:182
 msgid ""
 "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
 "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
 "refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
 msgstr ""
 
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+msgid "sssd-systemtap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+msgid "probe $name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel()  "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+"                        "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, no-wrap
+msgid ""
+"filter:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end()  function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+"                       "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/service_discovery.xml:2
 msgid "SERVICE DISCOVERY"
@@ -13242,6 +14052,67 @@ msgid ""
 "offline mode, and then attempts to reconnect every 30 seconds."
 msgstr ""
 
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+msgid "dns_resolver_op_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+msgid "dns_resolver_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page.  <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
 #. type: Content of: <refsect1><title>
 #: include/ldap_id_mapping.xml:2
 msgid "ID MAPPING"
@@ -13821,34 +14692,37 @@ msgid ""
 "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
 "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
 "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
 "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
 "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
 "refentrytitle><manvolnum>8</manvolnum> </citerefentry>.  <citerefentry> "
 "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
 msgstr ""
 
 #. type: Content of: <listitem><para>
@@ -14139,42 +15013,37 @@ msgstr ""
 msgid "ldap_user_auth_type = ipaUserAuthType"
 msgstr ""
 
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr ""
-
 #. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
 msgid "LDAP Provider - Group options"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
+#: include/ipa_modified_defaults.xml:93
 msgid "ldap_group_object_class = ipaUserGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
+#: include/ipa_modified_defaults.xml:98
 msgid "ldap_group_object_class_alt = posixGroup"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
+#: include/ipa_modified_defaults.xml:103
 msgid "ldap_group_member = member"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
+#: include/ipa_modified_defaults.xml:108
 msgid "ldap_group_uuid = ipaUniqueID"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
+#: include/ipa_modified_defaults.xml:113
 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
 msgstr ""
 
 #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
 msgid "ldap_group_external_member = ipaExternalMember"
 msgstr ""